Date:      Sat, 10 May 1997 14:46:23 -0700 (PDT)
From:      Dan Busarow <dan@dpcsys.com>
To:        Shawn Ramsey <shawn@luke.cpl.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: smtp server?
Message-ID:  <Pine.UW2.3.95.970510143953.8187E-100000@cedb>
In-Reply-To: <Pine.BSF.3.95.970510131044.264A-100000@luke.cpl.net>

On Sat, 10 May 1997, Shawn Ramsey wrote:
> It seems the solution at www.informatik.... will let you set it so you can
> relay only for who you want. Does anyone already have a sendmail.cf with
> this ruleset already set? I don't use/have a .mc file, and tried putting
> it directly into sendmail.cf, but get lots of errors. :(

We've been running these, or earlier versions, since January.
They work!

These rulesets are designed to prevent use of your machines to
relay mail for un-authorized sites, usually spammers.

You can install these anywhere in your .cf, I have ours following
ruleset 98.

In case your mail reader strips them, there has to be one or
more tabs between the test on the left and the action in the
middle, and between the action and the optional comment.

An explanation of how they work follows:
---- START OF RULES ----------------------------------------------
F{JunkMail} /etc/sendmail.junkmail
F{MxHosts} /etc/sendmail.mxhosts
F{LocalIP} /etc/sendmail.localip
F{SpamIP} /etc/sendmail.spamip

Scheck_mail
# Bounce junk mail
R<$={JunkMail}>			$#error $@ 5.7.1 $: "Access denied"
R$={JunkMail}			$#error $@ 5.7.1 $: "Access denied"
R$*				$: $>3 $1
R$* < @ $* $={JunkMail} > $*	$#error $@ 5.7.1 $: "Access denied"
R$* < @ $* $={JunkMail} . > $*	$#error $@ 5.7.1 $: "Access denied"

Scheck_rcpt
R$+						$: $(dequote "" $&{client_addr} $) $| $1
R0 $| $*				$@ ok		no client addr: directly invoked
R$={LocalIP}$* $| $*	$@ ok		from here
R$={SpamIP}$* $| $*		$#error $@ 5.7.1 $: 571 Access denied $1
# not local, not known spammer. check rcpt
R$* $| $*				$: $>3 $2
# remove local part, maybe repeatedly
R$*<@$=w.>$*			$>3 $1 $3
R$*<@$*$={MxHosts}.>$*	$>3 $1 $4
# still something left?
R$*<@$+>$*				$#error $@ 5.7.1 $: 571 no relay
---- END OF RULES ---------------------------------------------------
F{JunkMail} /etc/sendmail.junkmail

This is a flat text file containing the domain names of known
spammers, one per line.  You can also have entries for abusive
individuals at otherwise friendly sites.  i.e.

cyberpromo.com
quantcom.com
ImaSpammer@aol.com

F{MxHosts} /etc/sendmail.mxhosts

This is a text file containing the domain names that we do provide
MX services for.  Domains in your class Cw do not need to be
included here.  i.e.

goodguy.com
myfriend.com

F{LocalIP} /etc/sendmail.localip

A list of IP address *prefixes* and complete IP addresses that
you consider local.  i.e.

127.0.0.1
209.25.4
209.25.5
209.25.6.139
209.25.6.140

F{SpamIP} /etc/sendmail.spamip

A list of IP address prefixes and/or addresses of known spammers

205.199.212
206.27.86.210
207.124.161.50

The rules:

Scheck_mail

This rule is run when the client issues the MAIL command to 
sendmail, MAIL From: dan@dpcsys.com

R<$={JunkMail}>			$#error $@ 5.7.1 $: "Access denied"
R$={JunkMail}			$#error $@ 5.7.1 $: "Access denied"

Check for complete addresses and reject if found (ImaSpammer@aol.com)

R$*				$: $>3 $1

Renormalize the address

R$* < @ $* $={JunkMail} > $*	$#error $@ 5.7.1 $: "Access denied"
R$* < @ $* $={JunkMail} . > $*	$#error $@ 5.7.1 $: "Access denied"

Check for mail from domains of known spammers.  Note that
machine.cyberpromo.com, machine.subdomain.cyberpromo.com and
cyberpromo.com will all be caught.



Scheck_rcpt

This rule is run when the client issues a RCPT command to
sendmail, RCPT To: victime@target.domain

R$+						$: $(dequote "" $&{client_addr} $) $| $1

Get the IP address of the sender and put it on the left side of
the "$|", the recipient goes on the right side.

R0 $| $*				$@ ok		no client addr: directly invoked

If there is no IP address associated with the sender they are local

R$={LocalIP}$* $| $*	$@ ok		from here

If the IP address matches an entry in LocalIP they are local

R$={SpamIP}$* $| $*		$#error $@ 5.7.1 $: 571 Access denied $1

If the IP address matches an entry in SpamIP reject the mail

# not local, not known spammer. check rcpt
R$* $| $*				$: $>3 $2

Send the recipient address ($2) through ruleset 3 to get a
"normal" address to examine.

# remove local part, maybe repeatedly
R$*<@$=w.>$*			$>3 $1 $3

This rule will repeatedly remove references to members of Cw
(your own domain and sometimes virtual domains)

R$*<@$*$={MxHosts}.>$*	$>3 $1 $4

This rule will repeatedly remove references to hosts that you
allow to use your system as a relay (people you MX for, we
put virtual domains and UUCP connected customers here)

# still something left?
R$*<@$+>$*				$#error $@ 5.7.1 $: 571 no relay

Stripping Cw and MxHosts should have left us with something
like "joe@" for legitimate mail.  If there is anything left
on the right hand side of the "@" this was a relay attempt.

NB: The address rewriting done within these rules is *not*
propagated back through other rules.  The only thing sendmail
looks for from these rules is an error return.

Dan
-- 
 Dan Busarow                                                  714 443 4172
 DPC Systems / Beach.Net                                    dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82
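
Added example, not part of the message above and not sendmail code: a simplified Python model of the check_rcpt decision order the message explains, useful for reasoning about which RCPT addresses would be refused before editing a live .cf. LOCAL_DOMAINS (standing in for class w), the sample addresses and the treatment of "%" as a second routing hop are assumptions of this sketch.

```python
# Simplified model of the check_rcpt decision order; all data is constructed.
LOCAL_IP = ["127.0.0.1", "209.25.4", "209.25.5", "209.25.6.139"]
SPAM_IP = ["205.199.212", "206.27.86.210"]
MX_HOSTS = ["goodguy.com", "myfriend.com"]
LOCAL_DOMAINS = ["mail.example.net"]  # hypothetical stand-in for class w


def ip_in_class(addr, entries):
    """Match whole dotted components, so 209.25.4 does not cover 209.25.40.x."""
    octets = addr.split(".")
    return any(octets[:len(e.split("."))] == e.split(".") for e in entries)


def relay_allowed_domain(domain):
    """True for a class-w host, or an MxHosts entry or any subdomain of one."""
    d = domain.lower().rstrip(".")
    if d in LOCAL_DOMAINS:
        return True
    return any(d == m or d.endswith("." + m) for m in MX_HOSTS)


def check_rcpt(client_addr, rcpt):
    """Return 'ok' or the error text, following the order of the rules."""
    if client_addr in ("", "0"):
        return "ok"                       # no client addr: directly invoked
    if ip_in_class(client_addr, LOCAL_IP):
        return "ok"                       # from here
    if ip_in_class(client_addr, SPAM_IP):
        return "571 Access denied"
    addr = rcpt.strip("<>")
    while True:
        # Assumed re-canonicalisation: once no "@" is left, the rightmost
        # "%" becomes the new "@" (the percent-hack form of source routing).
        if "@" not in addr and "%" in addr:
            head, _, tail = addr.rpartition("%")
            addr = head + "@" + tail
        if "@" not in addr:
            return "ok"                   # only a local part is left
        local, _, domain = addr.rpartition("@")
        if not relay_allowed_domain(domain):
            return "571 no relay"         # something left after the "@"
        addr = local                      # strip it and look again
```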



