Date:      Thu, 15 Apr 2004 22:13:44 -0500
From:      "antenneX" <antennex@swbell.net>
To:        "Dan Nelson" <dnelson@allantgroup.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Setting Sendmail to Refuse Possibly Forged Headers
Message-ID:  <001201c42360$d6fa58a0$0200000a@SAGEAME>
References:  <200404151631.i3FGVGOf005743@dc.cis.okstate.edu> <20040415172633.GI28745@dan.emsphone.com>

----- Original Message ----- 
From: "Dan Nelson" <dnelson@allantgroup.com>
To: "Martin McCormick" <martin@dc.cis.okstate.edu>
Cc: <freebsd-questions@freebsd.org>
Sent: Thursday, April 15, 2004 12:26 PM
Subject: Re: Setting Sendmail to Refuse Possibly Forged Headers


> In the last episode (Apr 15), Martin McCormick said:
> > The sendmail that comes with FreeBSD is set to disallow all
> > third-party relaying which is wonderful and how I want to keep
> > things.
> >
> > In addition to that, I would like to try to set it to refuse
> > incoming mail with forged address headers.  Judging from the logs, it
> > seems to be pretty good at catching such messages and most of the
> > ones I look at that trigger this warning are spam.
>
> Take a look at the milter-sender port, which checks the sender's email
> address and verifies that an smtp server is listening.  It's not
> something that can be done within sendmail, which is why it's a milter.
>
> Another thing to check is the HELO string.  The following will block
> all incoming mails claiming to be the mailserver itself.  Replace
> XXXXXX with your server's IP and domain names, separated by spaces (so
> "C{RejectHelo} 1.2.3.4 mydomain.com", for example).  I deny ~500 spams
> a day with this rule alone.
>
> #+\/+ Block connections from servers that try and send our IP or hostname in the HELO
> LOCAL_CONFIG
> C{RejectHelo} XXXXXXXXXX
>
> LOCAL_RULESETS
>
> SLocal_check_mail
> R$* $: $1 $| $&s Put helo name in workspace
> R$* $| $={RejectHelo} $#error $@ 5.7.1 $: "550 Spammer access denied"
> R$* $| $* $: $1 Extract helo from workspace if it doesn't match
> #-/\-
>
> -- 
> Dan Nelson
> dnelson@allantgroup.com

Dan: Your suggestions here were appealing, but I'm batting zero.

1- Will milter-sender work alongside spamass-milter...??
    I *think* it was working on a test box, but failed on production box.

2- Each of your 3 lines above for "local_check_mail" yelled about expecting
a Tab when sendmail was restarted... not sure how to fix that.....
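
An added example, not part of either message: sendmail requires tab characters between the left-hand side, right-hand side and comment of an `R` line, and the three rules as quoted in this thread contain only spaces. The script below flags such lines and re-emits the rules with real tabs. The split of each rule into LHS, RHS and comment is an editor's reading of the quoted lines, and `render_ruleset` and `find_untabbed_rules` are hypothetical helper names.

```python
TAB = "\t"

# (LHS, RHS, comment) for the three Local_check_mail rules quoted above.
# The field boundaries are an assumption read off the quoted text.
RULES = [
    ("$*", "$: $1 $| $&s", "Put helo name in workspace"),
    ("$* $| $={RejectHelo}",
     '$#error $@ 5.7.1 $: "550 Spammer access denied"', ""),
    ("$* $| $*", "$: $1", "Extract helo from workspace if it doesn't match"),
]

# Constructed sample: the rules as they appear in the mail, tabs flattened
# to spaces. XXXXXXXXXX is the placeholder from the original message.
MANGLED = """LOCAL_CONFIG
C{RejectHelo} XXXXXXXXXX

LOCAL_RULESETS

SLocal_check_mail
R$* $: $1 $| $&s Put helo name in workspace
R$* $| $={RejectHelo} $#error $@ 5.7.1 $: "550 Spammer access denied"
R$* $| $* $: $1 Extract helo from workspace if it doesn't match
"""


def render_ruleset(name, rules):
    """Emit an S header plus R lines with real tabs between the fields."""
    lines = ["S" + name]
    for lhs, rhs, comment in rules:
        fields = ["R" + lhs, rhs] + ([comment] if comment else [])
        lines.append(TAB.join(fields))
    return "\n".join(lines) + "\n"


def find_untabbed_rules(text):
    """Return (line_no, line) for R lines after LOCAL_RULESETS lacking a tab."""
    hits, in_rulesets = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("LOCAL_RULESETS"):
            in_rulesets = True
        elif in_rulesets and line.startswith("R") and TAB not in line:
            hits.append((no, line))
    return hits


if __name__ == "__main__":
    for no, line in find_untabbed_rules(MANGLED):
        print(f"line {no}: no tab between LHS and RHS: {line}")
    print(render_ruleset("Local_check_mail", RULES), end="")
```

Writing the output of `render_ruleset` to a file, rather than pasting it through a terminal or mail client, keeps the tab characters intact.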


