Solved

I want to DISCARD incoming mail that matches blacklist instead of REFUSING it. How to change sendmail for this?

Posted on 2006-07-08
7
610 Views
Last Modified: 2013-12-17
In sendmail.mc, I am using a blacklist feature to block CHINA, because this one server receives over 50,000 incoming mails on a daily basis that are refused as a result.

It reads:
FEATURE(`dnsbl', `cn.countries.nerd.dk', `"450 Mail from suspected spam source " $`'&{client_addr} " refused - using DNSBL countries.nerd.dk"')

In sendmail.mc, it then looks like this:
# DNS based IP address spam list cn.countries.nerd.dk
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.cn.countries.nerd.dk. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

I would like to rewrite it so it DISCARDS matches instead of REFUSING them.

I assume this line needs to be rewritten:
R<?>$+                  $#error $@ 5.7.1 $: "450 Mail from suspected spam source " $&{client_addr} " refused - using DNSBL countries.nerd.dk"

and I need guidance in doing so.
0
Comment
Question by:innsites
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 250 total points
ID: 17065788
Using the "dnsbl" FEATURE of sendmail will result in a DISCARD instead of a REJECT. In order to change that behaviour you'll need to:

1) Hack cf/feature/dnsbl.m4 and replace the line that reads:

R<?>$+                  $#error $@ 5.7.1 $: _DNSBL_MSG_

with something like:

R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

2) Don't use FEATURE(dnsbl) - instead, create a LOCAL_CONFIG section in sendmail.mc (at the bottom, after the MAILER statements) and copy cf/feature/dnsbl.m4 into there and change the "error" to "discard" in your version of it. Don't forget to set the RBL hostname correctly.

Method 2) takes a little more work, but can easily be ported between platforms and sendmail versions, whereas with method 1) you'll need to remember to re-hack cf/feature/dnsbl.m4 every time you upgrade or work on a different machine.
0
 
LVL 6

Expert Comment

by:anfi
ID: 17066054
Are you sure?

Discarding (takes place after accepting and) consumes more resources than refusing to accept.
Discarding is against spirit of "SMTP contract" to deliver or send back bounce message after giving ACK to the final dot of the message.
0
 

Author Comment

by:innsites
ID: 17066060
Thank you for your detailed response.

I modified dnsbl.m4 as suggested with this
R<?>$+                  $#discard $@ 5.7.1 $: _DNSBL_MSG_

But this error shows in maillog as a result:

Jul  8 16:49:00 mythos sendmail[8719]: NOQUEUE: SYSERR(root): /etc/sendmail.cf: line 1053: invalid rewrite line "R<?>^A+                  ^A#discard ^A@ 5.7.1 ^A: "450 Mail from suspected spam source " ^A&, " refused - using DNSBL countries.nerd.dk"" (tab expected)

Corrections?
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:innsites
ID: 17066072
Response to anfi

The refusals are creating problems with resulting excessive mqueue sizes.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066206
I don't know what tool you used to modify dnsbl.m4, but whatever you used, it was the wrong thing. Hopefully you retained an unaltered copy. Try using vi, pico, or nano... and remeber that TAB is the whitespace character in sendmail Rulesets, not spaces.
0
 
LVL 6

Assisted Solution

by:anfi
anfi earned 250 total points
ID: 17066208
FEATURE(`dnsbl',...) rejects message before DATA command (before message itself is transfered).
It does not put any message in your server queue.

Your server refuses to accept the message => it makes cinnecting host responsible for generating bounce messages (NOT YOUR HOST).
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17066222
anfi is right, by the way. Both about DISCARD being RFC-impolite, and about the point at which FEATURE(dnsbl) rejects the E-Mail.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This short article will present "How to import ICS Calendar onto Office 365 Calendar". I was searching for free (or not free) tools to convert ICS to CSV without success. The only tools I found & working well were online tools...this was too hard to…
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now