From: "antenneX"
To: "Dan Nelson"
Cc: freebsd-questions@freebsd.org
Date: Thu, 15 Apr 2004 22:13:44 -0500
Subject: Re: Setting Sendmail to Refuse Possibly Forged Headers

----- Original Message -----
From: "Dan Nelson"
To: "Martin McCormick"
Sent: Thursday, April 15, 2004 12:26 PM
Subject: Re: Setting Sendmail to Refuse Possibly Forged Headers

> In the last episode (Apr 15), Martin McCormick said:
> > The sendmail that comes with FreeBSD is set to disallow all
> > third-party relaying which is wonderful and how I want to keep
> > things.
> >
> > In addition to that, I would like to try to set it to refuse
> > incoming mail with forged address headers. Judging from the logs, it
> > seems to be pretty good at catching such messages and most of the
> > ones I look at that trigger this warning are spam.
>
> Take a look at the milter-sender port, which checks the sender's email
> address and verifies that an smtp server is listening. It's not
> something that can be done within sendmail, which is why it's a milter.
>
> Another thing to check is the HELO string. The following will block
> all incoming mails claiming to be the mailserver itself. Replace
> XXXXXX with your server's IP and domain names, separated by spaces (so
> "C{RejectHelo} 1.2.3.4 mydomain.com", for example). I deny ~500 spams
> a day with this rule alone.
>
> #+\/+ Block connections from servers that try and send our IP or hostname in the HELO
> LOCAL_CONFIG
> C{RejectHelo} XXXXXXXXXX
>
> LOCAL_RULESETS
>
> SLocal_check_mail
> R$*	$: $1 $| $&s	Put helo name in workspace
> R$* $| $={RejectHelo}	$#error $@ 5.7.1 $: "550 Spammer access denied"
> R$* $| $*	$: $1	Extract helo from workspace if it doesn't match
> #-/\-
>
> --
> Dan Nelson
> dnelson@allantgroup.com

Dan:

Your suggestions here were appealing, but I'm batting zero.

1- Will milter-sender work alongside spamass-milter...?? I *think* it was working on a test box, but failed on production box.

2- Each of your 3 lines above for "local_check_mail" yelled about expecting a Tab when sendmail was restarted... not sure how to fix that.....
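
Added example (not part of the original thread): sendmail requires the left-hand side, right-hand side and comment of an R line to be separated by tabs, so a ruleset pasted from mail with its tabs turned into spaces fails as described in point 2. The Python sketch below flags such lines, including the quieter case where only one tab survives and the rule splits in the wrong place; the function names and the C{RejectHelo} values are assumptions made for illustration.

```python
import re

# Operators that are only meaningful on the right-hand side of a rule.
RHS_ONLY = re.compile(r"\$[:#>]")

# Constructed sample: the thread's ruleset after a copy/paste lost some tabs.
# The address and host name in C{RejectHelo} are placeholders.
SAMPLE = "\n".join([
    "LOCAL_CONFIG",
    "C{RejectHelo} 192.0.2.10 mail.example.org",
    "LOCAL_RULESETS",
    "SLocal_check_mail",
    # first tab lost, second kept: parses, but with the wrong split
    "R$* $: $1 $| $&s\tPut helo name in workspace",
    # every tab lost: sendmail rejects the line
    'R$* $| $={RejectHelo} $#error $@ 5.7.1 $: "550 Spammer access denied"',
    # intact rule
    "R$* $| $*\t$: $1\tExtract helo from workspace if it doesn't match",
])


def split_rule(line):
    """Split an R line into (lhs, rhs, comment) on runs of tabs.

    Returns None when the line has no tab between LHS and RHS."""
    fields = re.split(r"\t+", line[1:].rstrip(), maxsplit=2)
    if len(fields) < 2:
        return None
    fields += [""] * (3 - len(fields))
    return tuple(f.strip() for f in fields)


def lint(text):
    """Return (line number, problem) for each suspicious rule line."""
    findings, in_rules = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.startswith("LOCAL_CONFIG"):
            in_rules = False
        elif line.startswith(("LOCAL_RULE", "S")):
            in_rules = True
        elif in_rules and line.startswith("R"):
            parts = split_rule(line)
            if parts is None:
                findings.append((lineno, "no tab between LHS and RHS"))
            elif RHS_ONLY.search(parts[0]):
                findings.append((lineno, "RHS operator inside LHS field"))
    return findings


if __name__ == "__main__":
    for lineno, problem in lint(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Running it against the .mc file before rebuilding the configuration catches both problems before sendmail is restarted.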