From owner-freebsd-hackers Thu Jun 26 13:37:32 1997
Message-ID: <19970626221934.55848@klemm.gtn.com>
Date: Thu, 26 Jun 1997 22:19:34 +0200
From: Andreas Klemm
To: hackers@FreeBSD.ORG
Subject: want to add anti spam rules for sendmail to FreeBSD-current ...
Sender: owner-hackers@FreeBSD.ORG

Hi !

At work I'm currently building up a new Gateway machine based on sendmail and stumbled over the www.sendmail.org pages that finally brought me to the following interesting URL:

	http://www.harker.com/sendmail/anti-spam/check_mail.html

The check_mail rules can be very easily imported into your sendmail.mc file as FEATURE.

	http://www.idot.aol.com/preferredmail

Contains spammer addresses that are collected by AOL from their customers.

I'd vote to add the check_mail.m4 feature-file to FreeBSD-current
(location: /usr/src/usr.sbin/sendmail/cf/feature/check_mail.m4)
as well as an example /etc/check_mail file that contains the most famous spam sites ....
(location: /usr/src/etc/check_mail)

You need to have direct access to the internet, then you can use it if you are talking SMTP directly or if you are using UUCP via TCP.

I'd love to see this fine m4 file in FreeBSD and perhaps a sample check_mail file that waits for being enabled ;-)

	Andreas ///

-------------------------------------------------------- SNIP ----

BTW: The check_mail.m4 file does the following:

The check_mail ruleset is a ruleset that is used by the SMTP server function of sendmail, sendmail -bd, to check that the sender address, the MAIL From: address, is allowed to send SMTP messages to this host.

The key to this ruleset is that the results of the ruleset are used for an accept/reject decision. The results are not used to rewrite the address by sendmail.

The check_mail ruleset is passed the address found in the MAIL From: command without any focus. This address is tested and if the error mailer is returned from the check_mail ruleset, then the message is rejected, otherwise the results are tossed. This means that you can do anything with the address you want including setting it to the string "OK" if the sender address is acceptable. (Setting the address to OK is useful when you are looking at debugging information)

The nice thing about the check_mail ruleset is that it causes mail to be rejected before it is accepted.

This check_mail ruleset accepts mail sent from this host or domain.
This includes:

  - The local hostname, $w
  - The class of local hostnames, $=w
  - The local domain name, $m
  - The class of local domain names, $=m
  - The class of domains I masquerade, $=M

This check_mail ruleset rejects mail on the following criteria:

  - Bad host or domain names based on DNS canonicalization of the name
  - Non-local addresses hidden behind our host or domain name
        user%remote.dom@my.dom
  - Specific user addresses
  - Specific hostnames or domain names in the sender address
  - Specific IP addresses or networks in the SMTP client address
  - Specific hostnames or domain names in the SMTP client address

The user addresses, hostnames, domain names, IP addresses and networks are stored in a hashed table database (Berkeley db hash, by default) for fast lookup of the names. The value returned by the database is the text of the SMTP error returned to the SMTP client.

check_mail Database:

The format of the check_mail database is:

  - The lookup key is the address to be rejected
  - The value returned is the error message returned

Lookup Key:

The key can be one of the following:

  - A specific user address:
        user@host.dom
    Only this address is rejected, all other addresses from host.dom are allowed.
    A specific user address is any key that has an @ sign in it.

  - A host or a domain name:
        host01.spam.dom
        spam.dom
    All addresses that end with this host or domain name are rejected.
    The mail is rejected if this is either in the MAIL From: address, or it is in the hostname of the connecting SMTP client.

  - An IP network number, either one, two or three octets followed by trailing zeros:
        123.0.0.0
        123.123.0.0
        123.123.123.0
    All SMTP clients whose IP address starts with these IP network numbers will be rejected.
    Note that there is no check for correct class of the network entry so an entry 192.0.0.0 would reject all class C networks that start with 192.

  - A specific IP network address:
        123.123.123.123
    The specific SMTP client whose IP address is 123.123.123.123

Value Returned:

The value returned can either be a specific error message for this address or it can be the single word REJECT which will return a generic SMTP error message:

	553 Access denied

This allows you to tailor your insults to specific spam sites

Database Example:

key                Function:
user@host.dom      Access denied for user@host.dom
host.spam.dom      Access denied for host host.spam.dom
spam.dom           Access denied for domain spam.dom               domain
123.0.0.0          Access denied for IP network 123.0.0.0          network
123.123.0.0        Access denied for IP network 123.123.0.0        network
123.123.123.0      Access denied for IP network 123.123.123.0      network
123.123.123.102    Access denied for IP address 123.123.123.123

Where to get a list of domains to ban:

AOL maintains their own list of domains that they ban because of a history of spam complaints from their customers. This is their PreferredMail project and is available from:

	http://www.idot.aol.com/preferredmail

(Thanks to David Neff at HP)

(Are there any other lists that I don't know about?)

-------------------------------------------------------- SNIP ----

-- 
Andreas Klemm | klemm.gtn.com - powered by Symmetric MultiProcessor FreeBSD
http://www.freebsd.org/~fsmp/SMP/SMP.html
http://www.freebsd.org/~fsmp/SMP/benches.html
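
The database lookup rules quoted in the message, modelled in Python as an added example (not part of the original message and not the check_mail.m4 ruleset itself). The lookup order, the lower-casing of keys, the function names and the sample table are assumptions; DNS canonicalization and the local-host exemptions are not modelled.

```python
# Model of the check_mail database semantics described in the message.
# TABLE is constructed sample data; all names here are hypothetical.
TABLE = {
    "user@host.dom": "Access denied for user@host.dom",    # one user only
    "spam.dom": "REJECT",                                  # domain suffix
    "123.123.0.0": "Access denied for IP network 123.123.0.0",
    "192.0.0.0": "REJECT",             # no class check: covers all of 192.x.x.x
    "123.45.67.89": "Access denied for IP address 123.45.67.89",
}
GENERIC = "Access denied"   # text used when the value is the single word REJECT


def _hit(table, key):
    """Return the SMTP error for key, or None if the key is not listed."""
    value = table.get(key.lower())     # assumption: keys are stored lower-case
    if value is None:
        return None
    return "553 " + (GENERIC if value == "REJECT" else value)


def _domain_keys(host):
    """host01.spam.dom -> [host01.spam.dom, spam.dom, dom]"""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def _ip_keys(ip):
    """Exact address first, then the /24, /16, /8 style keys with trailing zeros."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return []
    return [ip] + [".".join(octets[:n] + ["0"] * (4 - n)) for n in (3, 2, 1)]


def check_mail(mail_from, client_host, client_ip, table=TABLE):
    """Return the rejection text, or "OK" when no key matches."""
    sender = mail_from.strip("<>")
    keys = []
    if "@" in sender:                  # a key with an @ sign is a user address
        keys.append(sender)
        keys += _domain_keys(sender.rsplit("@", 1)[1])
    keys += _domain_keys(client_host)  # hostname of the connecting SMTP client
    keys += _ip_keys(client_ip)        # address of the connecting SMTP client
    for key in keys:
        error = _hit(table, key)
        if error:
            return error
    return "OK"
```

The 192.0.0.0 entry shows the caveat from the message: a client at 192.168.1.5 is rejected because only the leading octets are compared.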