freebsd-dev/etc/mail/README

		Filtering out SPAM from your site

Introduction:
	The FreeBSD Project filters spam, unsolicited commerical
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have rulesets to /etc/sendmail.cf, check_rcpt,
check_relay, check_rbl, check_mail and xlat. (xlat is for testing
only, as explained in /etc/mail/sendmail.cf.additions.) These
rulesets use three databases.  The denyip, a list of IP addresses,
spamsites, a list of domains, and fakenames, a list of bogus
usernames (such as investor and success).  We do not accept mail
from any machine that matches a entry in either database, or users
in the fakenames database.

	WARNING: We do not maintain the database source files.
		 Read domain.txt and ips.txt.
		 (Make will fetch them for you)
		 Domains that you want to allow, should be added
		 to the file /etc/mail/allowed_domains.txt.
		 IP addresses that you want to allow, should be added
		 to the file /etc/mail/allowed_ips.txt.

Filtering at your site:
	To filter spam at your site you need to:
	1. modify your /etc/sendmail.cf, 
	2. retrieve the database source files from the master site,
	3. make the databases and 
	4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
	Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:

	The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retreive
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  

	Local additions should be kept in separate files.  We use
spamsites.local and denyip.local.  You may want to diff the new
versions of the files against the previous versions to see what
has changed.  

	Local deletions should be kept in separate files.  We use
allowed_domain.txt and allowed_ips.txt.  (This feature was added
after netcom.com was added to the spam block list.)

3. Make the databases:
	As root, type "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
	Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
be differ.

Testing the spam filter:

How can I tell if its working:
	The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>

Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve


Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

check_rcpt reject:
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster
Sun Nov 16 11:40:53 PST 1997