From owner-freebsd-hackers Sat May 3 05:48:01 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id FAA27448 for hackers-outgoing; Sat, 3 May 1997 05:48:01 -0700 (PDT) Received: from caliban.dihelix.com (caliban.dihelix.com [198.180.136.138]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA27435 for ; Sat, 3 May 1997 05:47:56 -0700 (PDT) Received: (from langfod@localhost) by caliban.dihelix.com (8.8.5/8.8.3) id CAA01113; Sat, 3 May 1997 02:46:46 -1000 (HST) Message-Id: <199705031246.CAA01113@caliban.dihelix.com> Subject: Re: Antispam sendmail.cf modifications.. In-Reply-To: from Adrian Chadd at "May 3, 97 07:46:17 pm" To: adrian@obiwan.psinet.net.au (Adrian Chadd) Date: Sat, 3 May 1997 02:46:46 -1000 (HST) Cc: freebsd-hackers@FreeBSD.ORG From: "David Langford" X-blank-line: This space intentionaly left blank. X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Adrian Chadd >This stuff is just repeats off webpages and usenet postings, but I suppose >nothing will happen unless someone does something. :) > >The diffs from the standard sendmail.cf file are as follows : What a cf file???? :-) Any the following message was on freebsd-questions not long ago. (Of course the freebsd search engine is uselees for this sort of thing) I am using the changes included here in a production environment with only a few changes. My biggest problem stems from sites that dont know what IN-ADDR.ARPA entry is *sigh*. That and the fact that I have been watching the sendmail log to catch users that dial up from other sites.... Good luck. -David Langfod langfod@dihelix.com > Forwarded message follows: Date: Fri, 4 Apr 1997 01:13:29 +0200 (SAT) From: Khetan Gajjar cc: questions@freebsd.org Subject: Re: Uninvited usage for sendmail Sender: owner-questions@freebsd.org >Get sendmail 8.8.5 (seems stable now, been out for a couple of months) >and install the check_* rules. check_relay is the one you want. Just to make like easier, I'm including my freebsd.mc file, which you can use to build your "own" sendmail.cf (in /etc). Place the freebsd.mc file in /usr/src/usr.sbin/sendmail/cf/cf/ and re-compile sendmail/. The anti-spam filtering stuff should be included. PS. I'm including the file readme.txt first, to include the information explaining what all the files do :-) Explanation of files -------------------- -rw-rw-r-- 1 root wheel 56 Mar 25 14:40 LocalNames This is a file which contains all machines which we allow to relay through us - i.e. they can send mail to people outside the domain -rw-rw-r-- 1 root wheel 335 Mar 25 14:31 SpamDomains This is a file which contains all the domains which we do not accept mail from - they are completely banned -rw-rw-r-- 1 root wheel 33 Mar 25 14:31 Spammer This is a file which contains all the users from whom we do not accept mail - they are completely banned -rw-rw-r-- 1 root wheel 24 Mar 25 14:40 relayto This is a file which contains all the machines for whom we retain or accept mail. Usually for virtual domains, or if we're the backup MX for someone -rw-r--r-- 1 root wheel 53 Mar 25 14:40 whoarewe This file contains a list of possible names we're known as --freebsd.mc-- divert(-1) # # Copyright (c) 1983 Eric P. Allman # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by the University of # California, Berkeley and its contributors. # 4. Neither the name of the University nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a generic configuration file for 4.4 BSD-based systems, # including 4.4-Lite, BSDi, NetBSD, and FreeBSD. # It has support for local and SMTP mail only. If you want to # customize it, copy it to a name appropriate for your environment # and do the modifications there. # # Anti-spam modifications installed by Khetan from # http://www.informatik.uni-kiel.de/%7Eca/email/check.html # divert(0)dnl VERSIONID(`@(#)freebsd.mc $Revision: 1.3 $') OSTYPE(bsd4.4)dnl DOMAIN(generic)dnl MAILER(local)dnl MAILER(smtp)dnl FEATURE(mailertable, `hash -o /etc/mailertable')dnl define(`UUCP_RELAY', ucbvax.Berkeley.EDU)dnl define(`BITNET_RELAY', mailhost.Berkeley.EDU)dnl define(`CSNET_RELAY', mailhost.Berkeley.EDU)dnl define(`confCW_FILE', `-o /etc/mail/whoarewe')dnl LOCAL_CONFIG F{Spammer} /etc/mail/Spammer F{SpamDomains} /etc/mail/SpamDomains LOCAL_RULESETS Scheck_mail # make sure you have TABs here, not BLANKs! sendmail will complain otherwise... R<$={Spammer}> $#error $@ 4.7.1 $: "471 We don't accept junk mail" R$={Spammer} $#error $@ 4.7.1 $: "471 We don't accept junk mail" R$* $: $>3 $1 canonify R$*<@$*$={SpamDomains}.>$* $#error $@ 4.7.1 $: "471 This domain is banned." go away R$*<@$*$={SpamDomains}>$* $#error $@ 4.7.1 $: "471 This domain is banned." go away LOCAL_CONFIG F{LocalNames} /etc/mail/LocalNames F{RelayTo} /etc/mail/relayto LOCAL_RULESETS Scheck_rcpt # make sure you have TABs here, not BLANKs! sendmail will complain otherwise... # first: get client name R$+ $: $(dequote "" $&{client_name} $) $| $1 R $| $* $@ ok no client name: directly invoked R$*$={LocalNames} $| $* $@ ok from here # not local, check rcpt R$* $| $* $: $>3 $2 # remove local part, maybe repeatedly R$*<@$=w.>$* $>3 $1 $3 # alternatively: R$*<@$*$={RelayTo}.>$* $>3 $1 $4 # still something left? R$*<@$*>$* $#error $@ 4.7.1 $: 471 we do not relay --freebsd.mc-- --- Khetan Gajjar [ http://www.iafrica.com/~khetan] I'm a FreeBSD User! [ http://www.freebsd.org ] PGP Key [finger khetan@chain.iafrica.com] UUNet Internet Africa [0800-030-002 & help@iafrica.com]