Date: Mon, 12 May 1997 09:50:37 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Dev Chanchani <dev@wopr.inetu.net>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Sendmail hack
Message-ID: <Pine.BSF.3.91.970512094708.4479n@panda.hilink.com.au>
In-Reply-To: <Pine.BSF.3.95q.970511185824.21995A-100000@wopr.inetu.net>

On Sun, 11 May 1997, Dev Chanchani wrote:

> I and my users have been receiving a lot of spam mail recently. Usually,
> this is not so bad because I will just reply to remove me. However, more
> and more spammers are using fake domain names to send their spam from. I
> was wondering if you could hack sendmail to do a lookup on the reply to or
> from address. If the domain name is non-existent, reject the mail.

This was recently posted by Adrian Chadd on -hackers. These rules prevent remote sites from using you as a relay to deliver spams, and also prevent mail from arriving from non-existent senders. Note, however, that it only checks the 'MAIL FROM:<...>', and does not check the 'From:' line in the headers.

A replacement for sendmail a la TIS's smap/smapd which actually reads the message and rejects messages with bogus 'Received:' lines would be wonderful.

Danny

*** sendmail.cf.orig Thu May 8 11:48:54 1997 --- sendmail.cf Thu May 8 11:52:09 1997 *************** *** 80,85 **** --- 80,100 ---- # ... this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM + # Both these files are basic text files, one host or user@host per line + # a list of known spammers, user@host form one per line + F{Spammer}/etc/sendmail/spammers + + # A list of domains to completely block, one per line + F{SpamDomains}/etc/sendmail/spamdomains + + Kdequote dequote + # Localdomains is a plaintext list of domains we accept mail for, including + # virtual domains + F{LocalDomains}/etc/sendmail/virtdomains + # Contains a plaintext list of IPs we will relay mail for, can be X.Y.Z to + # cover a whole class C.. + F{LocalNetworks}/etc/sendmail/localnetworks + CP. *************** *** 823,825 **** --- 838,894 ---- R$+ $: $>61 $1 R$+ $: $>93 $1 + + + # blocking of spammers at MAIL From: and forcing DNS resolve + # (note - this is incompatible with the DeliveryMode=defer option, since + # it requires that a DNS lookup be done immediately upon mail receipt.
+ + Scheck_mail + # Check for valid domain name + R$* $: <?> $>3 $1 + R<?> $* < @ $+ . > $: <OK> + R<?> $* < @ $+ > $#error $@ 4.5.1 $: "451 Domain must resolve" + + + # Check against spammer list + R<$={Spammer}> $#error $@ 5.7.1 $: "571 We don't accept junk mail" + R$* $: $>3 $1 + R$*<@$={SpamDomains}.>$* $#error $@ 5.7.1 $: "571 We don't accept junk mail from your domain" + R$*<@*$={SpamDomains}>$* $#error $@ 5.7.1 $: "571 We don't accept junk mail from your domain" + R$={Spammer} $#error $@ 5.7.1 $: "571 We don't accept junk mail from your domain" + + + + # + # check_rcpt + # + Scheck_rcpt + + # mail terminating locally is ok + R$*$={LocalDomains}$* $@ OK + + # adding the client's domain name... + R$* $: $(dequote "" $&{client_name} $) $| $1 + + # directly invoked (no client name) is ok + R $| $* $@ OK + + # we will relay mail from clients in our own domain + R$*$={LocalDomains}$* $| $* $@ OK + + # adding the client's ip number... + R$* $: $(dequote "" $&{client_addr} $) $| $1 + + # directly invoked (no ip address) is ok + R0 $| $* $| $* $@ OK + + # we will relay all mail from clients on our own networks + R$*$={LocalNetworks}$* $| $* $| $* $@ OK + + # or from localhost + R$*127.0.0.1$* $| $* $| $* $@ + + # anything else is bogus + R$* $#error $@ 5.5.0 $: "550 Relay Denied" +
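
Review bot: In the first hunk (80,100), the F{LocalNetworks} comment promises that an entry of the form X.Y.Z covers "a whole class C", but the rule that consumes the class in check_rcpt, "R$*$={LocalNetworks}$* $| $* $| $* $@ OK", has $* on both sides, so the entry is not tied to the leading octets of the client address and also matches an address where X.Y.Z are the last three octets. The same applies to F{LocalDomains}, which "R$*$={LocalDomains}$* $@ OK" accepts anywhere in the recipient string rather than only as the host part. I would document the entries as exact token sequences and anchor the rules (no leading $* for networks; the focused "< @ $={LocalDomains} . >" form after $>3 for domains, as check_mail already does for SpamDomains). Smaller points: the opening comment says "Both these files" while four class files are declared, and since these files decide who may relay, it is worth stating the expected ownership and permissions next to the paths.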
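
Review bot: In the second hunk (838,894), check_mail discards the sender address before the blocklist rules run: "R<?> $* < @ $+ . > $: <OK>" replaces the whole workspace with <OK>, so the following "R<$={Spammer}>" rule and the "R$* $: $>3 $1" canonification operate on <OK> and the {Spammer} and {SpamDomains} checks cannot match a sender whose domain resolved. Suggest doing the list checks before the resolve test, or carrying the original address alongside the <?> marker and restoring it afterwards. Also in this hunk, "R$*<@*$={SpamDomains}>$*" contains a literal "*" and no trailing dot where the line above has "<@$={SpamDomains}.>", which looks like a typo for a subdomain match, and the localhost rule in check_rcpt ends in a bare "$@" while every other accepting rule returns "$@ OK".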