Date: Wed, 4 Jun 1997 23:25:39 -0400
From: "J.D. Falk" <jdfalk@cybernothing.org>
To: Bernie Doehner <bad@uhf.wireless.net>
Cc: Alan Batie <batie@agora.rdrop.com>, isp@FreeBSD.ORG
Subject: Re: stopping mailspam without tears...
Message-ID: <19970604232539.00436@cybernothing.org>
In-Reply-To: <Pine.BSF.3.95.970604184705.1468E-100000@uhf.wdc.net> [9706.04]
References: <199705302215.PAA12753@agora.rdrop.com> <Pine.BSF.3.95.970604184705.1468E-100000@uhf.wdc.net>

On Jun 4, Bernie Doehner <bad@uhf.wireless.net> wrote:

> > I'm using those and my sendmail is happily rejecting 20-40K messages/day;
> > not all by any means, but it stops me from being a relay and also stops
> > a lot of the worst scam junk (they tend to use invalid domains, which
> > the filters check for).
>
> So, how did you make check_compat work and not break your virtual domains,
> or do you not have any?

The problem with check_compat is that it's called /after/ the entire
message has been transmitted -- so, while it can be used to stop
relaying, it doesn't save you any bandwidth.

I'm using the following on my personal machine; this box is not used
as an outgoing SMTP server by any dial-in users' eudora or anything
like that, so it might not be a solution for some of you.

This is all in the mc file, but it should be pretty clear how to
cut & paste it directly into the cf if you want. Watch out for tabs.

-=-=-=-=-=-=-=-=-
LOCAL_CONFIG
# From http://www.informatik.uni-kiel.de/%7Eca/email/chk-db.html
#
# file containing full e-mail addresses of well-known spammers:
#	spammer@address.domain	SPAMMER
# or junk domain:
#	junk.domain	JUNK
Kjunk hash /etc/spammertable

LOCAL_RULESETS
# From http://www.informatik.uni-kiel.de/%7Eca/email/chk-db.html
#
# check for junk domain/spammers
Sjunk
# lookup domain in database
R$*<@$+>$*	$:$1<@$(junk $2$)>$3
# exists? return
R$*<@JUNK>$*	$@$1<@JUNK>$2
# lookup address in database
R$*<@$+>$*	$:$1<@$(junk $1@$2 $:$2$)>$3
# exists? return
R$*<@SPAMMER>$*	$@$1<@SPAMMER>$2
# mv one subdomain in front, try again
R$*<@$-.$-.$+>$*	$: $2<@> $>junk $1<@$3.$4>$5
# undo damage
R$*<@>$*<@$+>$*	$2<@$1.$3>$4

Scheck_mail
# From http://www.informatik.uni-kiel.de/%7Eca/email/chk-db.html
#
# don't check these
R<$*@$=w>	$@ ok	shortcut
R$*	$: $>3 $1	canonify
R$-	$@ ok	local host
# no host without a . in the FQHN ?
R$*<@$->$*	$#error $@ 5.1.8 $: 518 invalid host name $2, check your configuration.
# this is dangerous! no real name
# R$*<@$*$~P>$*	$#error $@ 4.1.8 $: 418 unresolvable host name $2$3, check your setup.
# now remove the dot
R$*<@$*.>$*	$: $1<@$2>$3
# and check the database
R$*<@$*>$*	$: $>junk $1<@$2>$3
R$*<@$*JUNK>$*	$#error $@ 5.7.1 $: "571 This domain is banned, contact your local admin."	go away
R$*<@$*SPAMMER>$*	$#error $@ 5.7.1 $: "571 You are banned, contact your local admin."	go away

Scheck_rcpt
# From David B. O'Donnell <PMDAropos@aol.com>
# (I'm only using David's check_rcpt routine, not the check_mail)
R<$+ @ $=w >	$@ OK
R<$+ @ $m >	$@ OK
R$*	$: $(dequote "" $&{client_name} $)
R$=w	$@ OK
R$@	$@ OK
R$*	$#error $@ 5.7.1 $: "550 Relaying denied"
-=-=-=-=-=-=-=-=-

If I were building a machine that is going to relay mail for some
people (either as a backup MX host or a direct SMTP server), I'd
probably use the recipes on:

    http://www.informatik.uni-kiel.de/%7Eca/email/check.html

One thing that this doesn't catch is mail sent from a valid domain,
to friend@public.com (I'm sure you've all seen that one.) So, I added
an /etc/procmailrc file which reads simply:

-=-=-=-=-=-=-=-=-
# Global procmail recipes
LOGFILE=/var/log/etc-procmailrc
LOGABSTRACT=all
VERBOSE=off

:0
* ^TOfriend@public.com
{
	EXITCODE = 68
	HOST
}

LOGABSTRACT=no
-=-=-=-=-=-=-=-=-

EXITCODE = 68 will instruct sendmail to return a bounce message
reading "no such host." *grin* Check out the sysexits man page
(which only FreeBSD seems to have) for more.

-- 
J.D. Falk, Network Operations Center Supervisor    +1 (415) 482-2840
Priori Networks, Inc.                           http://www.priori.net
"The people you know. The people you trust."
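
The lookup order of the junk and check_mail rulesets in the message above, modelled in Python as an added example (not part of the original message, and not sendmail code), so that spammertable entries can be checked against sample envelope senders offline. The table entries, the LOCAL_HOSTS set and the function names are constructed for illustration; it assumes the table holds only JUNK and SPAMMER values with lower-case keys.

```python
# Added illustration: a model of the check_mail / junk lookup order, not sendmail code.
# Assumptions: table values are only JUNK or SPAMMER, and keys are lower-case
# (sendmail folds map keys to lower case unless the map is declared with -f).

SAMPLE_TABLE = {                       # constructed entries in /etc/spammertable layout
    "junk.example": "JUNK",
    "bulk@mailer.example": "SPAMMER",
}
LOCAL_HOSTS = {"mx.home.example"}      # constructed stand-in for class $=w


def junk_lookup(user, domain, table):
    """Return 'JUNK', 'SPAMMER' or None, trying parent domains like Sjunk."""
    user, domain = user.lower(), domain.lower()
    while True:
        # Domain entry first, then the full user@domain entry.
        tag = table.get(domain) or table.get(f"{user}@{domain}")
        if tag:
            return tag
        labels = domain.split(".")
        if len(labels) < 3:            # the rule needs $-.$-.$+, so stop at two labels
            return None
        domain = ".".join(labels[1:])  # move one subdomain off the front, try again


def check_mail(sender, table=SAMPLE_TABLE, local_hosts=LOCAL_HOSTS):
    """Return the verdict the check_mail ruleset would reach for an envelope sender."""
    addr = sender.strip("<>")
    if "@" not in addr:
        return "ok"                    # bare local user (or the null sender)
    user, domain = addr.rsplit("@", 1)
    if domain.lower() in local_hosts:
        return "ok"                    # "don't check these"
    if "." not in domain:
        return "518 invalid host name"
    domain = domain.rstrip(".")        # "now remove the dot"
    tag = junk_lookup(user, domain, table)
    if tag == "JUNK":
        return "571 This domain is banned"
    if tag == "SPAMMER":
        return "571 You are banned"
    return "ok"
```

Because the rulesets strip one leading label at a time, a single junk.example entry also covers every host beneath it, while a user@domain entry covers that user at the domain and at its subdomains only.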