update spam countermeasures

add examples of using an access_db
        update .mc files to match recommendations on
                http://www.sendmail.org/m4/anti-spam.html

	(grrr.....should have been one commit
	 did the last commit from a subdirectory)
This commit is contained in:
Jonathan M. Bresler 1999-05-11 03:29:04 +00:00
parent 54919b86a0
commit 762003080e
3 changed files with 15 additions and 204 deletions


@ -1,13 +1,6 @@
# $Id: Makefile,v 1.5 1998/09/13 23:14:20 brian Exp $ # $Id: Makefile,v 1.6 1999/01/31 15:21:15 jmb Exp $
install: install:
/usr/sbin/makemap hash /etc/mail/spamsites < /etc/mail/block_domains.txt /usr/sbin/makemap hash /etc/mail/access < /etc/mail/access.txt
.if exists(/etc/mail/spamsites.local)
/usr/sbin/makemap -o hash /etc/mail/spamsites < /etc/mail/spamsites.local
.endif
/usr/sbin/makemap hash /etc/mail/denyip < /etc/mail/block_ips.txt
.if exists(/etc/mail/denyip.local)
/usr/sbin/makemap -o hash /etc/mail/denyip < /etc/mail/denyip.local
.endif
all: install all: install
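Review bot: the `.if exists(...local)` overlays are removed together with the spamsites and denyip maps, but nothing equivalent is added for the new access map, so site-specific entries now have to be edited straight into /etc/mail/access.txt and are lost whenever that file is replaced. Keep the same pattern for the new map, e.g. `.if exists(/etc/mail/access.local)` / `/usr/sbin/makemap -o hash /etc/mail/access < /etc/mail/access.local` / `.endif` after the main makemap line (`-o` appends to the existing .db instead of truncating it). Separately, `install` is still the first and therefore default target and `all` depends on it, so a bare `make` in /etc/mail rewrites /etc/mail/access.db unconditionally; a dependency of the form `access.db: access.txt` would rebuild only when the source changes and make the root-only write explicit.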


@ -1,74 +1,17 @@
# $Id: README,v 1.5 1998/09/02 01:34:57 brian Exp $ # $Id: README,v 1.5.2.1 1999/05/01 03:37:29 jkh Exp $
Filtering out SPAM from your site Filtering out SPAM from your site
Sendmail now includes excellent tools block spam. These
tools are available as FEATUREs that you can add to your site's
.mc file. Proper use of these FEATUREs will prevent spammer from
using your site as a relay as well as significantly decrease the
amount of spam that arrives at your site. No set of anti-spam
tools will block all spam without blocking some portion of legitimate
mail as well. Therefore, these FEATUREs are designed to prevent
as much spam as possible without blocking legitimate mail.
Introduction: These tools are discussed in /usr/src/contrib/sendmail/cf/README.
The FreeBSD Project filters spam, unsolicited commerical Read the section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example
e-mail, from its mailing lists. The filter has two parts: databases usage and additional tools can be found in
and rulesets. We have rulesets to /etc/sendmail.cf, check_rcpt, /usr/src/contrib/sendmail/cf/cf/knecht.mc.
check_relay, check_rbl, check_mail and xlat. (xlat is for testing
only, as explained in /etc/mail/sendmail.cf.additions.) These
rulesets use three databases. The denyip, a list of IP addresses,
spamsites, a list of domains, and fakenames, a list of bogus
usernames (such as investor and success). We do not accept mail
from any machine that matches a entry in either database, or users
in the fakenames database.
Filtering at your site:
To filter spam at your site you need to:
1. modify your /etc/sendmail.cf,
2. create a list of domains/ips you wish to block
3. make the databases and
4. finally signal sendmail that the configuration file has changed.
1. Modifying your /etc/sendmail.cf
Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file. If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.
2. Put the list of domains you wish to block in /etc/mail/spamsites
3. Make the databases:
As root, type "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.
4. Signaling sendmail:
Sendmail will reread its configuration whenever sendmail
receives a HUP signal. As root, type "kill -HUP `cat
/var/run/sendmail.pid`". Check sendmail's log file to be sure that
it has restarted. /var/log/maillog should contain the line: "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal". Most likely, the date, time, hostname and process id will
be differ.
Testing the spam filter:
How can I tell if its working:
The mail log file, /var/log/maillog, will contain a line
for every message filtered. The lines will be similar to one of
these two log entries:
Check_mail rejects:
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>
Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve
Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG
check_rcpt reject:
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster
Sun Nov 16 11:40:53 PST 1997
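Review bot: the rewritten README drops the two operational steps that still apply with access_db, rebuilding the map (`cd /etc/mail; make install`) and signalling sendmail (`kill -HUP \`cat /var/run/sendmail.pid\``), and gives no example of the access.txt format even though the commit message promises "examples of using an access_db"; keep steps 3 and 4 from the old text and add two or three sample entries (a blocked domain such as `spamsite.example REJECT`, a blocked network such as `192.168.1 REJECT`, and a `RELAY` entry for a domain you relay for). In the added paragraph, "tools block spam" should read "tools to block spam" and "prevent spammer from" should read "prevent spammers from". The "How can I tell if it's working" section with the maillog reject lines is also worth keeping: check_mail, check_relay and check_rcpt are the same rulesets the access map hooks into, so those log lines remain the way an operator verifies the filter.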


@ -1,125 +0,0 @@
# $Id:$
#
# list of hosts and domains for whom we relay mail.
# all .forward hosts, domains must be listed in this file.
# same for hosts and domains in /etc/aliases
F{LocalIP}-o /etc/mail/Local-IP
F{RelayTo}-o /etc/mail/Relay-Hosts
# database declarations
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
# helper rulsesets; useful for debugging sendmail configurations
#
#
Scheck_rbl
# lookup up an ip address in the Realtime Blackhole List.
R$-.$-.$-.$- $: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)
Sxlat # for sendmail -bt
# sendmail treats "$" and "|" as two distinct tokens
# this rule "pastes" them together into one token
# and then calls check_relay.
R$* $$| $* $: $1 $| $2
R$* $| $* $@ $>check_relay $1 $| $2
Scheck_relay
# called with "hostname.tld $| IP address" of connecting host.
# hostname.tld is the fully-qualified domain name
# IP address is dotted-quad with surrounding "[]" brackets.
#
# each group of rules in this ruleset is independent.
# each accepts and return "hostname.tld $| IP address"
# use the ones that you want comment out the rest
# you may rearrange the groups but not the rules in each group.
# each group is preceded and followed by a comment
#
# host must NOT be in the "spamsites" database--BEGIN
R$* $| $* $: <$1 $| $2> $1
R<$*> $+.$+.$+ <$1> $3.$4
R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $)
R<$*> $*.REJECT $#error $: 521 blocked. contact postmaster@$m
R<$*> $* $: $1
# host must NOT be in the "spamsites" database--END
# ip address must NOT be in the "denyip" database--BEGIN
R$* $| $* $: $1 $| $(denyip $2 $)
R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@$m
# ip address must NOT be in the "denyip" database--END
R$* $@ OK
Scheck_mail
# called with envelope sender (everything after ":") in
# "Mail From: xxx", of SMTP conversation
# may or may not have "<" ">"
# the groups of rules in this ruleset ARE NOT independent.
# "remove all RFC-822 comments" must come first
# "Connecting Host" and "Paul Vixie's RBL" must be last
#
# use the ones that you want comment out the rest
# each group is preceded and followed by a comment
#
# remove all RFC-822 comments--BEGIN
# MUST be first rule in check_mail rulseset.
R$* $: $>3 $1
# remove all RFC-822 comments--END
# mail must come from a DNS resolvable host--BEGIN
R$* < @ $+ . > $: $1 @ $2
R$* < @ $+ > $#error $@ 4.1.8 $: "451 Domain does not resolve"
# mail must come from a DNS resolvable host--END
# mail must NOT come from a known source of spam--BEGIN
R$+ @$+ $: <$1@$2> $2
R<$*> $+.$+.$+ <$1> $3.$4
R<$*> $* $: $(spamsites $2 $: OK $)
R$+.REJECT $#error $@ 5.7.1 $: 550 $1
R<$*> $* $: $1
# mail must NOT come from a known source of spam--END
# Connecting Host must resolve--BEGIN
R$* $: $1 $: $(dequote "" $&{client_name} $)
R$* $: $>3 foo@$1
R<$*> $*<@$*> $#error $@ 4.1.8 $: "451 Domain does not resolve"
# Connecting Host must resolve--END
# ip address must NOT be in Paul Vixie's RBL--BEGIN
R$* $: $1 $: $(dequote "" $&{client_addr} $)
R$* $: $>check_rbl $1
R$*.com. $#error $@ 5.7.1 $: "550 Mail refused, see http://maps.vix.com/rbl"
# ip address must NOT be in Paul Vixie's RBL--END
R$* $@ OK
Scheck_rcpt
# called with envelope recipient (everything after ":") in
# "Rcpt To: xxx", of SMTP conversation
# may or may not have "<" ">" and or RFC-822 comments.
# let ruleset 3 clean this up for us.
#
# do NOT reorder these two groups of rules.
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
#
# mail must NOT be addressed "fakenames"--BEGIN
R$* $: <$1> $>3 $1
R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $)
R$+.REJECT $#error $@ 5.2.1 $: 550 $1
R<$*> $* $: $1
# mail must NOT be addressed "fakenames"--END
# mail must come from or go to this machine or machines we allow to relay--BEGIN
# from http://www.informatik.uni-kiel.de/%7Eca/email/check.html#check_rcpt
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok
R$={LocalIP}$* $| $* $@ ok
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*<@$+>$* $#error $@ 5.7.1 $: 550 we do not relay
#
Sremovelocal
# remove RelayTo part (maybe repeatedly)
# R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*<@$*>$* $: $>removelocal $1<@$2>$3
# mail must come from or go to this machine or machines we allow to relay--END
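Review bot: three behaviours of the deleted file have no counterpart in the access map the new Makefile builds, and neither the README hunk nor the commit message says where they went: the `fakenames` recipient blacklist in check_rcpt (rejecting local parts such as investor@...), the RBL lookup against rbl.maps.vix.com in check_rbl/check_mail, and the relay control driven by the F{LocalIP} (/etc/mail/Local-IP) and F{RelayTo} (/etc/mail/Relay-Hosts) classes. In the stock cf these correspond to FEATURE(blacklist_recipients) with recipient entries in the access map, FEATURE(rbl), and RELAY entries in the access map or the relay-domains file respectively, but none of that appears in this commit; since the .mc changes were committed separately, the README should tell operators with Local-IP or Relay-Hosts files to convert them to RELAY entries before they drop sendmail.cf.additions. Note also that the old map declarations are marked optional (`Kdenyip hash -o -a.REJECT ...`, likewise spamsites and fakenames), so a site that keeps the old rulesets in its sendmail.cf will not fail when spamsites.db and denyip.db stop being rebuilt; it will silently stop rejecting anything from those lists, which is the case most worth calling out in the README.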