Date: Thu, 15 Apr 2004 12:26:34 -0500
From: Dan Nelson
To: Martin McCormick
Cc: freebsd-questions@freebsd.org
Subject: Re: Setting Sendmail to Refuse Possibly Forged Headers
Message-ID: <20040415172633.GI28745@dan.emsphone.com>
In-Reply-To: <200404151631.i3FGVGOf005743@dc.cis.okstate.edu>

In the last episode (Apr 15), Martin McCormick said:
> The sendmail that comes with FreeBSD is set to disallow all
> third-party relaying which is wonderful and how I want to keep
> things.
>
> In addition to that, I would like to try to set it to refuse
> incoming mail with forged address headers. Judging from the logs, it
> seems to be pretty good at catching such messages and most of the
> ones I look at that trigger this warning are spam.

Take a look at the milter-sender port, which checks the sender's email
address and verifies that an smtp server is listening.
It's not something that can be done within sendmail, which is why it's
a milter.

Another thing to check is the HELO string. The following will block
all incoming mails claiming to be the mailserver itself. Replace
XXXXXX with your server's IP and domain names, separated by spaces (so
"C{RejectHelo} 1.2.3.4 mydomain.com", for example). I deny ~500 spams
a day with this rule alone.

#+\/+ Block connections from servers that try and send our IP or hostname in the HELO
LOCAL_CONFIG
C{RejectHelo} XXXXXXXXXX

LOCAL_RULESETS
SLocal_check_mail
R$*			$: $1 $| $&s		Put helo name in workspace
R$* $| $={RejectHelo}	$#error $@ 5.7.1 $: "550 Spammer access denied"
R$* $| $*		$: $1			Extract helo from workspace if it doesn't match
#-/\-

-- 
	Dan Nelson
	dnelson@allantgroup.com
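
An added example, not part of Dan Nelson's message: one way to measure what the Local_check_mail rule above rejects, by counting check_mail rejections that carry its "Spammer access denied" text per day and per relay IP. The syslog line layout, the sm-mta process name, the function name helo_rejections and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Text the rule passes to $#error; it is what appears in the reject= field.
REJECT_TEXT = "Spammer access denied"

# Assumed sendmail syslog layout: "Mon DD HH:MM:SS host prog[pid]: qid: k=v, k=v"
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2})\s+\d\d:\d\d:\d\d\s+\S+\s+\S+\[\d+\]:\s+"
    r"(?P<qid>\w+):\s+(?P<body>.*)$"
)
RELAY_RE = re.compile(r"relay=(?P<relay>.*?),\s+reject=")
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def helo_rejections(lines):
    """Return (per_day, per_relay_ip) Counters for check_mail rejects by the rule."""
    per_day, per_ip = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail queue-id line
        body = m.group("body")
        if "ruleset=check_mail" not in body or REJECT_TEXT not in body:
            continue  # some other ruleset or some other rejection reason
        day = " ".join(m.group("day").split())  # normalise "Apr  5" -> "Apr 5"
        per_day[day] += 1
        relay = RELAY_RE.search(body)
        ip = IP_RE.search(relay.group("relay")) if relay else None
        per_ip[ip.group(1) if ip else "unknown"] += 1
    return per_day, per_ip


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = """\
Apr 15 12:01:07 mx sm-mta[4101]: i3FH17aa004101: ruleset=check_mail, arg1=<a@example.net>, relay=[192.0.2.10], reject=550 5.7.1 Spammer access denied
Apr 15 12:03:44 mx sm-mta[4120]: i3FH3iab004120: ruleset=check_mail, arg1=<b@example.org>, relay=host.example.org [192.0.2.10], reject=550 5.7.1 Spammer access denied
Apr 15 12:05:02 mx sm-mta[4133]: i3FH52ac004133: ruleset=check_rcpt, arg1=<c@example.com>, relay=[198.51.100.7], reject=550 5.7.1 <c@example.com>... Relaying denied
Apr 16 00:10:31 mx sm-mta[5002]: i3G5AVad005002: ruleset=check_mail, arg1=<d@example.net>, relay=[198.51.100.7], reject=550 5.7.1 Spammer access denied
Apr 16 00:11:00 mx sm-mta[5003]: i3G5B0ae005003: from=<e@example.com>, size=912, class=0, nrcpts=1, relay=[203.0.113.5]
""".splitlines()

if __name__ == "__main__":
    days, ips = helo_rejections(SAMPLE)
    for day, n in sorted(days.items()):
        print(f"{day}: {n} rejected")
    for ip, n in ips.most_common(5):
        print(f"{ip}: {n}")
```

A relay IP that dominates the per-IP count is a candidate for blocking earlier, at connection time, rather than at MAIL FROM.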