update spam countermeasures
add examples of using an access_db
update .mc files to match recommendations on http://www.sendmail.org/m4/anti-spam.html

(grrr.....should have been one commit
did the last commit from a subdirectory)
parent 54919b86a0
commit 762003080e
@ -1,13 +1,6 @@
|
|||||||
# $Id: Makefile,v 1.5 1998/09/13 23:14:20 brian Exp $
|
# $Id: Makefile,v 1.6 1999/01/31 15:21:15 jmb Exp $
|
||||||
|
|
||||||
install:
|
install:
|
||||||
/usr/sbin/makemap hash /etc/mail/spamsites < /etc/mail/block_domains.txt
|
/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access.txt
|
||||||
.if exists(/etc/mail/spamsites.local)
|
|
||||||
/usr/sbin/makemap -o hash /etc/mail/spamsites < /etc/mail/spamsites.local
|
|
||||||
.endif
|
|
||||||
/usr/sbin/makemap hash /etc/mail/denyip < /etc/mail/block_ips.txt
|
|
||||||
.if exists(/etc/mail/denyip.local)
|
|
||||||
/usr/sbin/makemap -o hash /etc/mail/denyip < /etc/mail/denyip.local
|
|
||||||
.endif
|
|
||||||
|
|
||||||
all: install
|
all: install
|
||||||
|
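Review bot: The new install target drops the ".if exists(/etc/mail/spamsites.local)" and ".if exists(/etc/mail/denyip.local)" steps that appended local entries with "makemap -o", so a site's local block entries are no longer merged into any map. Nothing in this hunk carries those entries, or the contents of block_domains.txt and block_ips.txt, over to /etc/mail/access.txt. Either document the one-time migration into access.txt or keep an optional local-additions step for the access map. The target also runs makemap unconditionally; giving the access map a dependency on access.txt would avoid needless rebuilds and make a missing source file an explicit make error.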
@ -1,74 +1,17 @@
|
|||||||
# $Id: README,v 1.5 1998/09/02 01:34:57 brian Exp $
|
# $Id: README,v 1.5.2.1 1999/05/01 03:37:29 jkh Exp $
|
||||||
|
|
||||||
Filtering out SPAM from your site
|
Filtering out SPAM from your site
|
||||||
|
Sendmail now includes excellent tools block spam. These
|
||||||
|
tools are available as FEATUREs that you can add to your site's
|
||||||
|
.mc file. Proper use of these FEATUREs will prevent spammer from
|
||||||
|
using your site as a relay as well as significantly decrease the
|
||||||
|
amount of spam that arrives at your site. No set of anti-spam
|
||||||
|
tools will block all spam without blocking some portion of legitimate
|
||||||
|
mail as well. Therefore, these FEATUREs are designed to prevent
|
||||||
|
as much spam as possible without blocking legitimate mail.
|
||||||
|
|
||||||
Introduction:
|
These tools are discussed in /usr/src/contrib/sendmail/cf/README.
|
||||||
The FreeBSD Project filters spam, unsolicited commerical
|
Read the section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example
|
||||||
e-mail, from its mailing lists. The filter has two parts: databases
|
usage and additional tools can be found in
|
||||||
and rulesets. We have rulesets to /etc/sendmail.cf, check_rcpt,
|
/usr/src/contrib/sendmail/cf/cf/knecht.mc.
|
||||||
check_relay, check_rbl, check_mail and xlat. (xlat is for testing
|
|
||||||
only, as explained in /etc/mail/sendmail.cf.additions.) These
|
|
||||||
rulesets use three databases. The denyip, a list of IP addresses,
|
|
||||||
spamsites, a list of domains, and fakenames, a list of bogus
|
|
||||||
usernames (such as investor and success). We do not accept mail
|
|
||||||
from any machine that matches a entry in either database, or users
|
|
||||||
in the fakenames database.
|
|
||||||
|
|
||||||
Filtering at your site:
|
|
||||||
To filter spam at your site you need to:
|
|
||||||
1. modify your /etc/sendmail.cf,
|
|
||||||
2. create a list of domains/ips you wish to block
|
|
||||||
3. make the databases and
|
|
||||||
4. finally signal sendmail that the configuration file has changed.
|
|
||||||
|
|
||||||
1. Modifying your /etc/sendmail.cf
|
|
||||||
Add the database declarations and the rulesets contained
|
|
||||||
in /etc/mail/sendmail.cf.additions to your .mc file. If you do
|
|
||||||
not use m4 to generate your /etc/sendmail.cf, add the database
|
|
||||||
declarations to your /etc/sendmail.cf.
|
|
||||||
|
|
||||||
2. Put the list of domains you wish to block in /etc/mail/spamsites
|
|
||||||
|
|
||||||
3. Make the databases:
|
|
||||||
As root, type "cd /etc/mail; make install" will build the
|
|
||||||
two databases from the retrieved source files and the local additions
|
|
||||||
files.
|
|
||||||
|
|
||||||
4. Signaling sendmail:
|
|
||||||
Sendmail will reread its configuration whenever sendmail
|
|
||||||
receives a HUP signal. As root, type "kill -HUP `cat
|
|
||||||
/var/run/sendmail.pid`". Check sendmail's log file to be sure that
|
|
||||||
it has restarted. /var/log/maillog should contain the line: "Oct
|
|
||||||
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
|
|
||||||
signal". Most likely, the date, time, hostname and process id will
|
|
||||||
be differ.
|
|
||||||
|
|
||||||
Testing the spam filter:
|
|
||||||
|
|
||||||
How can I tell if its working:
|
|
||||||
The mail log file, /var/log/maillog, will contain a line
|
|
||||||
for every message filtered. The lines will be similar to one of
|
|
||||||
these two log entries:
|
|
||||||
|
|
||||||
Check_mail rejects:
|
|
||||||
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
|
|
||||||
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
|
|
||||||
reject=521 <announce@martianconsulate.com>
|
|
||||||
|
|
||||||
Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
|
|
||||||
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
|
|
||||||
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
|
|
||||||
does not resolve
|
|
||||||
|
|
||||||
|
|
||||||
Check_relay rejects:
|
|
||||||
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
|
|
||||||
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
|
|
||||||
reject=521 blocked.contact postmaster@FreeBSD.ORG
|
|
||||||
|
|
||||||
check_rcpt reject:
|
|
||||||
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
|
|
||||||
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
|
|
||||||
[198.3.221.5], reject=553 investor@100percent.per.year.com...
|
|
||||||
521<investor@100percent.per.year.com>#blocked.contact postmaster
|
|
||||||
Sun Nov 16 11:40:53 PST 1997
|
|
||||||
|
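Review bot: The rewritten README removes the build, reload and verification steps (the "make install" in /etc/mail, the "kill -HUP" of sendmail, and the sample ruleset=check_mail / check_relay / check_rcpt reject lines from /var/log/maillog) and replaces them only with pointers to /usr/src/contrib/sendmail/cf/README and knecht.mc, which live under /usr/src and are present only when the sources are installed. Keep a short section stating that /etc/mail/access.txt is compiled by "make install" and how to confirm a reject in the mail log, so an administrator can tell whether the filter is active. Two typos in the added text: "excellent tools block spam" is missing "to", and "prevent spammer from" should read "spammers".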
@ -1,125 +0,0 @@
|
|||||||
# $Id:$
|
|
||||||
#
|
|
||||||
# list of hosts and domains for whom we relay mail.
|
|
||||||
# all .forward hosts, domains must be listed in this file.
|
|
||||||
# same for hosts and domains in /etc/aliases
|
|
||||||
F{LocalIP}-o /etc/mail/Local-IP
|
|
||||||
F{RelayTo}-o /etc/mail/Relay-Hosts
|
|
||||||
|
|
||||||
# database declarations
|
|
||||||
Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
|
|
||||||
Kfakenames hash -o -a.REJECT /etc/mail/fakenames.db
|
|
||||||
Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
|
|
||||||
|
|
||||||
# helper rulsesets; useful for debugging sendmail configurations
|
|
||||||
#
|
|
||||||
#
|
|
||||||
Scheck_rbl
|
|
||||||
# lookup up an ip address in the Realtime Blackhole List.
|
|
||||||
R$-.$-.$-.$- $: $(host $4.$3.$2.$1.rbl.maps.vix.com $:OK $)
|
|
||||||
|
|
||||||
Sxlat # for sendmail -bt
|
|
||||||
# sendmail treats "$" and "|" as two distinct tokens
|
|
||||||
# this rule "pastes" them together into one token
|
|
||||||
# and then calls check_relay.
|
|
||||||
R$* $$| $* $: $1 $| $2
|
|
||||||
R$* $| $* $@ $>check_relay $1 $| $2
|
|
||||||
|
|
||||||
Scheck_relay
|
|
||||||
# called with "hostname.tld $| IP address" of connecting host.
|
|
||||||
# hostname.tld is the fully-qualified domain name
|
|
||||||
# IP address is dotted-quad with surrounding "[]" brackets.
|
|
||||||
#
|
|
||||||
# each group of rules in this ruleset is independent.
|
|
||||||
# each accepts and return "hostname.tld $| IP address"
|
|
||||||
# use the ones that you want comment out the rest
|
|
||||||
# you may rearrange the groups but not the rules in each group.
|
|
||||||
# each group is preceded and followed by a comment
|
|
||||||
#
|
|
||||||
# host must NOT be in the "spamsites" database--BEGIN
|
|
||||||
R$* $| $* $: <$1 $| $2> $1
|
|
||||||
R<$*> $+.$+.$+ <$1> $3.$4
|
|
||||||
R<$*> $+.$+ $: <$1> $(spamsites $2.$3 $)
|
|
||||||
R<$*> $*.REJECT $#error $: 521 blocked. contact postmaster@$m
|
|
||||||
R<$*> $* $: $1
|
|
||||||
# host must NOT be in the "spamsites" database--END
|
|
||||||
# ip address must NOT be in the "denyip" database--BEGIN
|
|
||||||
R$* $| $* $: $1 $| $(denyip $2 $)
|
|
||||||
R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@$m
|
|
||||||
# ip address must NOT be in the "denyip" database--END
|
|
||||||
R$* $@ OK
|
|
||||||
|
|
||||||
Scheck_mail
|
|
||||||
# called with envelope sender (everything after ":") in
|
|
||||||
# "Mail From: xxx", of SMTP conversation
|
|
||||||
# may or may not have "<" ">"
|
|
||||||
# the groups of rules in this ruleset ARE NOT independent.
|
|
||||||
# "remove all RFC-822 comments" must come first
|
|
||||||
# "Connecting Host" and "Paul Vixie's RBL" must be last
|
|
||||||
#
|
|
||||||
# use the ones that you want comment out the rest
|
|
||||||
# each group is preceded and followed by a comment
|
|
||||||
#
|
|
||||||
# remove all RFC-822 comments--BEGIN
|
|
||||||
# MUST be first rule in check_mail rulseset.
|
|
||||||
R$* $: $>3 $1
|
|
||||||
# remove all RFC-822 comments--END
|
|
||||||
# mail must come from a DNS resolvable host--BEGIN
|
|
||||||
R$* < @ $+ . > $: $1 @ $2
|
|
||||||
R$* < @ $+ > $#error $@ 4.1.8 $: "451 Domain does not resolve"
|
|
||||||
# mail must come from a DNS resolvable host--END
|
|
||||||
# mail must NOT come from a known source of spam--BEGIN
|
|
||||||
R$+ @$+ $: <$1@$2> $2
|
|
||||||
R<$*> $+.$+.$+ <$1> $3.$4
|
|
||||||
R<$*> $* $: $(spamsites $2 $: OK $)
|
|
||||||
R$+.REJECT $#error $@ 5.7.1 $: 550 $1
|
|
||||||
R<$*> $* $: $1
|
|
||||||
# mail must NOT come from a known source of spam--END
|
|
||||||
# Connecting Host must resolve--BEGIN
|
|
||||||
R$* $: $1 $: $(dequote "" $&{client_name} $)
|
|
||||||
R$* $: $>3 foo@$1
|
|
||||||
R<$*> $*<@$*> $#error $@ 4.1.8 $: "451 Domain does not resolve"
|
|
||||||
# Connecting Host must resolve--END
|
|
||||||
# ip address must NOT be in Paul Vixie's RBL--BEGIN
|
|
||||||
R$* $: $1 $: $(dequote "" $&{client_addr} $)
|
|
||||||
R$* $: $>check_rbl $1
|
|
||||||
R$*.com. $#error $@ 5.7.1 $: "550 Mail refused, see http://maps.vix.com/rbl"
|
|
||||||
# ip address must NOT be in Paul Vixie's RBL--END
|
|
||||||
R$* $@ OK
|
|
||||||
|
|
||||||
Scheck_rcpt
|
|
||||||
# called with envelope recipient (everything after ":") in
|
|
||||||
# "Rcpt To: xxx", of SMTP conversation
|
|
||||||
# may or may not have "<" ">" and or RFC-822 comments.
|
|
||||||
# let ruleset 3 clean this up for us.
|
|
||||||
#
|
|
||||||
# do NOT reorder these two groups of rules.
|
|
||||||
# restrict mail relaying to host and domains listed in /etc/sendmail.cR
|
|
||||||
#
|
|
||||||
# mail must NOT be addressed "fakenames"--BEGIN
|
|
||||||
R$* $: <$1> $>3 $1
|
|
||||||
R<$*> $+ < @ $+ > $: <$1> $(fakenames $2 $: OK $)
|
|
||||||
R$+.REJECT $#error $@ 5.2.1 $: 550 $1
|
|
||||||
R<$*> $* $: $1
|
|
||||||
# mail must NOT be addressed "fakenames"--END
|
|
||||||
# mail must come from or go to this machine or machines we allow to relay--BEGIN
|
|
||||||
# from http://www.informatik.uni-kiel.de/%7Eca/email/check.html#check_rcpt
|
|
||||||
R$+ $: $(dequote "" $&{client_addr} $) $| $1
|
|
||||||
R0 $| $* $@ ok
|
|
||||||
R$={LocalIP}$* $| $* $@ ok
|
|
||||||
# not local, check rcpt
|
|
||||||
R$* $| $* $: $>3 $2
|
|
||||||
# remove local part, maybe repeatedly
|
|
||||||
R$+ $:$>removelocal $1
|
|
||||||
# still something left?
|
|
||||||
R$*<@$+>$* $#error $@ 5.7.1 $: 550 we do not relay
|
|
||||||
#
|
|
||||||
Sremovelocal
|
|
||||||
# remove RelayTo part (maybe repeatedly)
|
|
||||||
# R$*<@$*$={RelayTo}.>$* $>3 $1 $4
|
|
||||||
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
|
|
||||||
R$*<@$*>$* $@ $1<@$2>$3
|
|
||||||
# dequote local part
|
|
||||||
R$- $: $>3 $(dequote $1 $)
|
|
||||||
R$*<@$*>$* $: $>removelocal $1<@$2>$3
|
|
||||||
# mail must come from or go to this machine or machines we allow to relay--END
|
|
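Review bot: Deleting this file removes the only copy of the check_rcpt relay restriction ("550 we do not relay", driven by F{LocalIP} and F{RelayTo}), the fakenames lookup and the "451 Domain does not resolve" sender check, and the diff shown here contains no .mc change that replaces them. Please confirm that each of these has an equivalent in the updated .mc files, the relay control in particular, since a site that regenerates sendmail.cf without it would accept relayed mail. Sites that already pasted these rulesets into sendmail.cf also keep "Kdenyip", "Kfakenames" and "Kspamsites" declared with "-o" (optional), while the Makefile in this commit no longer rebuilds denyip or spamsites, so those lookups would continue against frozen maps without any error. A note in the README telling such sites to remove the old rulesets and K lines would close that gap.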