# $Id:$

Filtering out SPAM from your site

Introduction:

The FreeBSD Project filters spam, unsolicited commercial e-mail, from
its mailing lists. The filter has two parts: databases and rulesets.
We have added rulesets to /etc/sendmail.cf: check_rcpt, check_relay,
check_rbl, check_mail and xlat. (xlat is for testing only, as
explained in /etc/mail/sendmail.cf.additions.) These rulesets use
three databases: denyip, a list of IP addresses; spamsites, a list of
domains; and fakenames, a list of bogus usernames (such as investor
and success). We do not accept mail from any machine that matches an
entry in the denyip or spamsites database, or from users in the
fakenames database.

WARNING: We do not maintain the database source files.
Read domain.txt and ips.txt.
(Make will fetch them for you.)
Domains that you want to allow should be added
to the file /etc/mail/allowed_domains.txt.
IP addresses that you want to allow should be added
to the file /etc/mail/allowed_ips.txt.

Filtering at your site:

To filter spam at your site you need to:

1. modify your /etc/sendmail.cf,
2. retrieve the database source files from the master site,
3. make the databases and
4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf

Add the database declarations and the rulesets contained in
/etc/mail/sendmail.cf.additions to your .mc file. If you do not use
m4 to generate your /etc/sendmail.cf, add the database declarations
to your /etc/sendmail.cf.

2. Fetching the database source files:

The database source files are available from Gulf Coast Internet via
anonymous FTP. The Makefile in /etc/mail will retrieve the source
files for you: as root, type "cd /etc/mail; make" at the command
line. The previous version of the database source files is moved to
<filename>.0.

Local additions should be kept in separate files. We use
spamsites.local and denyip.local. You may want to diff the new
versions of the files against the previous versions to see what has
changed.

Local deletions should be kept in separate files. We use
allowed_domain.txt and allowed_ips.txt. (This feature was added after
netcom.com was added to the spam block list.)

3. Make the databases:

As root, typing "cd /etc/mail; make install" will build the two
databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:

Sendmail will reread its configuration whenever it receives a HUP
signal. As root, type "kill -HUP `cat /var/run/sendmail.pid`". Check
sendmail's log file to be sure that it has restarted.
/var/log/maillog should contain the line: "Oct 15 08:59:16 hub
sendmail[6565]: restarting /usr/sbin/sendmail on signal". Most
likely, the date, time, hostname and process id will differ.

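How the fetched source file, the local additions and the local deletions combine before the databases are built, and how to list what changed against the previous <filename>.0 copy, shown as an added example (not the Makefile in /etc/mail and not FreeBSD project code). The one-entry-per-line format with '#' comments and every sample entry except netcom.com are assumptions.

```shell
#!/bin/sh
# Added example, not the FreeBSD Makefile. Assumed format: one entry per
# line, '#' starts a comment. All sample entries below are constructed,
# except netcom.com, which the README itself mentions.
LC_ALL=C; export LC_ALL

# normalize FILE...: drop comments and blanks, lowercase, sort unique.
normalize() {
    cat "$@" 2>/dev/null |
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' |
        tr 'A-Z' 'a-z' | sort -u
}

# build_list SOURCE LOCAL ALLOWED: print (SOURCE + LOCAL) minus ALLOWED.
build_list() {
    _blk=$(mktemp) && _ok=$(mktemp) || return 1
    normalize "$1" "$2" > "$_blk"
    normalize "$3" > "$_ok"
    comm -23 "$_blk" "$_ok"
    rm -f "$_blk" "$_ok"
}

# changes NEW OLD: "+entry" for entries added upstream, "-entry" for removed.
changes() {
    _new=$(mktemp) && _old=$(mktemp) || return 1
    normalize "$1" > "$_new"
    normalize "$2" > "$_old"
    comm -23 "$_new" "$_old" | sed 's/^/+/'
    comm -13 "$_new" "$_old" | sed 's/^/-/'
    rm -f "$_new" "$_old"
}

# Constructed sample data in a scratch directory; /etc/mail is not touched.
work=$(mktemp -d)
printf '%s\n' 'bulk-mailer.example' 'netcom.com' 'Offers.Example  # mixed case' > "$work/domain.txt"
printf '%s\n' 'bulk-mailer.example' 'retired.example' > "$work/domain.txt.0"
printf '%s\n' '# site additions' 'lists.invalid' > "$work/spamsites.local"
printf '%s\n' 'netcom.com' > "$work/allowed_domains.txt"

merged=$(build_list "$work/domain.txt" "$work/spamsites.local" "$work/allowed_domains.txt")
delta=$(changes "$work/domain.txt" "$work/domain.txt.0")
printf 'entries to load:\n%s\n\nupstream changes:\n%s\n' "$merged" "$delta"
rm -rf "$work"
```

The "+netcom.com" line in the change list is the kind of upstream addition the allow list exists to override.
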
Testing the spam filter:

How can I tell if it's working:

The mail log file, /var/log/maillog, will contain a line for every
message filtered. The lines will be similar to one of these two log
entries:

Check_mail rejects:

Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>

Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve

Check_relay rejects:

Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

check_rcpt reject:

Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster

Sun Nov 16 11:40:53 PST 1997
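
The log checks described above (the restart line after the HUP, and one reject line per filtered message), shown as an added example that is not FreeBSD project code. The function names are hypothetical, and the log lines are constructed in the format shown above, using documentation addresses and domains.

```shell
#!/bin/sh
# Added example: summarise filter rejects in a sendmail log. Not FreeBSD
# project code; the log lines are constructed in the README's format.
LC_ALL=C; export LC_ALL

# reject_summary LOG: print "ruleset smtp-code count", one line per pair.
reject_summary() {
    awk '/ruleset=/ && /reject=[0-9]/ {
        match($0, /ruleset=[a-z_]+/); rs = substr($0, RSTART + 8, RLENGTH - 8)
        match($0, /reject=[0-9]+/);   code = substr($0, RSTART + 7, RLENGTH - 7)
        n[rs " " code]++
    }
    END { for (k in n) print k, n[k] }' "$1" | sort
}

# rejected_args RULESET LOG: print "arg1 count" for one ruleset.
rejected_args() {
    awk -v rs="$1" 'index($0, "ruleset=" rs ",") && match($0, /arg1=[^,]+/) {
        a = substr($0, RSTART + 5, RLENGTH - 5); gsub(/[<>]/, "", a); print a
    }' "$2" | sort | uniq -c | awk '{ print $2, $1 }'
}

# restarted LOG: succeed if the log shows sendmail restarting after a HUP.
restarted() { grep -q 'restarting /usr/sbin/sendmail on signal' "$1"; }

# Constructed sample log (one syslog entry per line).
log=$(mktemp)
cat > "$log" <<'EOF'
Oct 15 08:59:16 mx sendmail[101]: restarting /usr/sbin/sendmail on signal
Oct 15 09:01:02 mx sendmail[102]: JAA00102: ruleset=check_mail, arg1=<bulk@offers.example>, relay=host.example [192.0.2.10], reject=521 <bulk@offers.example>
Oct 15 09:02:10 mx sendmail[103]: JAA00103: ruleset=check_mail, arg1=<x@unresolvable.invalid>, relay=relay.example [192.0.2.11], reject=451 <x@unresolvable.invalid>... Domain does not resolve
Oct 15 09:03:44 mx sendmail[104]: NOQUEUE: ruleset=check_relay, arg1=dialup7.example, arg2=192.0.2.12, relay=root@localhost, reject=521 blocked.contact postmaster@example.org
Oct 15 09:04:00 mx sendmail[105]: JAA00105: ruleset=check_rcpt, arg1=investor@offers.example, relay=host.example [192.0.2.10], reject=553 investor@offers.example... 521<investor@offers.example>#blocked.contact postmaster
Oct 15 09:05:00 mx sendmail[106]: JAA00106: ruleset=check_mail, arg1=<bulk@offers.example>, relay=host.example [192.0.2.10], reject=521 <bulk@offers.example>
Oct 15 09:06:00 mx sendmail[107]: JAA00107: from=<user@example.org>, size=512, nrcpts=1
EOF

summary=$(reject_summary "$log")
senders=$(rejected_args check_mail "$log")
restarted "$log" && hup=yes || hup=no
printf '%s\n\n%s\n\nrestart seen: %s\n' "$summary" "$senders" "$hup"
rm -f "$log"
```

A 451 count under check_mail is a temporary failure (the sender's domain did not resolve), so those messages may be retried, unlike the 521 and 553 rejects.
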