Date:      Thu, 26 Jun 1997 22:19:34 +0200
From:      Andreas Klemm <andreas@klemm.gtn.com>
To:        hackers@FreeBSD.ORG
Subject:   want to add anti spam rules for sendmail to FreeBSD-current ...
Message-ID:  <19970626221934.55848@klemm.gtn.com>

Hi !

At work I'm currently building up a new Gateway machine based
on sendmail and stumbled over the www.sendmail.org pages that
finally brought me to the following interesting URL:

	http://www.harker.com/sendmail/anti-spam/check_mail.html

The check_mail rules can be very easily imported into your sendmail.mc
file as FEATURE.

	http://www.idot.aol.com/preferredmail

Contains spammer addresses that are collected by AOL from 
their customers.

I'd vote to add the check_mail.m4 feature-file to FreeBSD-current 
(location: /usr/src/usr.sbin/sendmail/cf/feature/check_mail.m4)

as well as an example /etc/check_mail file that contains the
most famous spam sites .... (location: /usr/src/etc/check_mail)

You need to have direct access to internet, then you can use it
if you are talking SMTP directly or if you are using UUCP via TCP.

I'd love to see this fine m4 file in FreeBSD and perhaps a 
sample check_mail file that waits for being enabled ;-)

	Andreas ///

-------------------------------------------------------- SNIP ----
BTW: The check_mail.m4 file does the following:

The check_mail ruleset is a ruleset that is used by the SMTP server
function of sendmail, sendmail -bd, to check that the sender address, the
MAIL From:  address, is allowed to send SMTP messages to this host.  The
key to this ruleset is that the results of the ruleset are used for an
accept/reject decision.  The results are not used to rewrite the address
by sendmail.  The check_mail ruleset is passed the address found in the
MAIL From: command without any focus.  This address is tested and if the
error mailer is returned from the check_mail ruleset, then the message is
rejected, otherwise the results are tossed.  This means that you can do
anything with the address you want including setting it to the string
"OK" if the sender address is acceptable.  (Setting the address to OK is
useful when you are looking at debugging information)

The nice thing about the check_mail ruleset is that it causes mail to be
rejected before it is accepted.

This check_mail ruleset accepts mail sent from this host or domain.
This includes:
        The local hostname, $w
        The class of local hostnames, $=w
        The local domain name, $m
        The class of local domain names, $=m
        The class of domains I masquerade, $=M

This check_mail ruleset rejects mail on the following criteria:
        Bad host or domain names based on DNS canonicalization of the name
        Non-local addresses hidden behind our host or domain name
                user%remote.dom@my.dom
        Specific user addresses
        Specific hostnames or domain names in the sender address
        Specific IP addresses or networks in the SMTP client address
        Specific hostnames or domain names in the SMTP client address

The user addresses, hostnames, domain names, IP addresses and networks are
stored in a hashed table database (Berkeley db hash, by default) for fast
lookup of the names.  The value returned by the database is the text of the
SMTP error returned to the SMTP client.


check_mail Database:
The format of the check_mail database is:
        The lookup key is the address to be rejected
        The value returned is the error message returned

Lookup Key:
The key can be one of the following:
A specific user address:
        user@host.dom
Only this address is rejected, all other addresses from host.dom are allowed
A specific user address is any key that has an @ sign in it.

A host or a domain name
        host01.spam.dom
        spam.dom
All addresses that end with this host or domain name are rejected
The mail is rejected if this is either in the MAIL From: address, or it is
in the hostname of the connecting SMTP client

An IP network number, either one, two or three octets followed by trailing zeros:
        123.0.0.0
        123.123.0.0
        123.123.123.0
All SMTP clients whose IP address starts with these IP network numbers will
be rejected.  Note that there is no check for correct class of the network
entry so an entry 192.0.0.0 would reject all class C networks that start
with 192.

A specific IP network address:
        123.123.123.123
The specific SMTP client whose IP address is 123.123.123.123

Value Returned:
The value returned can either be a specific error message for this address
or it can be the single word REJECT which will return a generic SMTP error
message:
        553 Access denied
This allows you to tailor your insults to specific spam sites


Database Example:
key                     Function:
user@host.dom           Access denied for user@host.dom
host.spam.dom           Access denied for host host.spam.dom
spam.dom                Access denied for domain spam.dom domain
123.0.0.0               Access denied for IP network 123.0.0.0 network
123.123.0.0             Access denied for IP network 123.123.0.0 network
123.123.123.0           Access denied for IP network 123.123.123.0 network
123.123.123.102         Access denied for IP address 123.123.123.123


Where to get a list of domains to ban:
AOL maintains their own list of domains that they ban because of a history
of spam complaints from their customers.  This is their PreferredMail
project and is available from:
        http://www.idot.aol.com/preferredmail
(Thanks to David Neff at HP)
(Are there any other lists that I don't know about?)

-------------------------------------------------------- SNIP ----

-- 
Andreas Klemm | klemm.gtn.com - powered by
                    Symmetric MultiProcessor FreeBSD
                       http://www.freebsd.org/~fsmp/SMP/SMP.html
                          http://www.freebsd.org/~fsmp/SMP/benches.html
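
The database lookup described in the quoted check_mail notes, as an added example that is not part of the original message or of check_mail.m4: a Python model of how the keys match the MAIL From: address and the SMTP client, usable for auditing what a table would reject before deploying it. The function names, the sample table and the lookup order (most specific key first) are assumptions; the local-host acceptance and DNS canonicalization checks are not modelled.

```python
# Added illustration of the check_mail key semantics described in the message.
# Names and table entries are constructed, not taken from check_mail.m4.
GENERIC = "553 Access denied"   # text the notes give for the REJECT keyword

TABLE = {                       # constructed sample: key -> SMTP error text
    "user@host.dom": "Access denied for user@host.dom",
    "spam.dom": "REJECT",
    "123.123.0.0": "Access denied for IP network 123.123.0.0",
    "192.0.0.0": "REJECT",      # no class check: catches every 192.x.x.x client
    "10.1.2.3": "Access denied for IP address 10.1.2.3",
}

def is_ip(s):
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)

def name_keys(name):
    """host01.spam.dom -> [host01.spam.dom, spam.dom, dom] (label boundaries only)."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def ip_keys(ip):
    """Full address, then the 3-, 2- and 1-octet network keys padded with zeros."""
    o = ip.split(".")
    return [ip] + [".".join(o[:n] + ["0"] * (4 - n)) for n in (3, 2, 1)]

def check_mail(table, mail_from, client_ip, client_name=""):
    """Return the SMTP error text if the sender/client is rejected, else None."""
    sender = mail_from.strip().strip("<>").lower()
    candidates = []
    if "@" in sender:
        candidates.append(sender)                          # specific user address
        candidates += name_keys(sender.rsplit("@", 1)[1])  # sender host or domain
    if client_name:
        candidates += name_keys(client_name)               # connecting client name
    if is_ip(client_ip):
        candidates += ip_keys(client_ip)                   # client address/network
    for key in candidates:
        if key in table:
            value = table[key]
            return GENERIC if value == "REJECT" else value
    return None
```

A result of None means the table has no matching key; anything else is the text the SMTP client would receive.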


