
Spamming is so last century! Let's explore some solutions that can be used with sendmail.

We strongly recommend that you purchase the Sendmail Companion v 8.13 Book by O'Reilly (it's got two bats on the front!). This book has been invaluable to sysadmins worldwide!

Here are our top tips:

  • Turn Off Relaying for Non-Local Users -- Sendmail V8 (aka 8.x) is the most popular Unix MTA and turning off relaying is really simple!

Just edit your sendmail.cf.

Using Claus Aßmann's rulesets (which most sysadmins consider the best), add the following:

HACK(check_mail3, btree -a@JUNK /etc/spam/junk)
HACK(check_relay3, btree -a@JUNK /etc/spam/junk)
HACK(use_ip, /etc/spam/LocalIP)
HACK(use_names, /etc/spam/LocalNames)
HACK(check_rcpt4)


  • Using tcp_wrappers

tcp_wrappers sits in front of programs run under inetd (see /etc/inetd.conf): before ftpd, telnetd, etc. run, the connection first passes through a wrapper that checks whether the source IP address of the packet belongs to a trusted host or an untrusted one. The check can be made by source host name, domain name, raw IP address, and the port number the connection is attempting to reach.

Sendmail 8.8 and later versions support the use of -DTCPWRAPPERS=1 for compilation. Just add the -lwrap library.

TCP-Wrappers can be downloaded from ftp://ftp.win.tue.nl/pub/security/

The site also has a plethora of other useful security tools, such as securelib, portmap, satan, cops, and crack.

If you are experienced in sendmail you can download a patch from

ftp://ftp.win.tue.nl/pub/security/sendmail-tcpd.patch

which integrates tcp_wrappers into the sendmail daemon itself! It should be said that this is not straightforward.




  • Using checkcompat()

This routine is most easily used with the patch by Kyle Jones. Basically, it disallows all non-local e-mail traffic through your host. Make sure it is implemented correctly.


  • Realtime Blackhole Lists

Basically, these are lists of hosts known to send spam.

To implement this, some configuration of Sendmail is necessary. A macro config .mc file is easiest. Insert the following line into /etc/mail/sendmail.mc:

FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " rejected - see http://njabl.org/"')dnl

This itself should reduce spam significantly.

A good list of Blackhole lists can be found at:

http://www.declude.com/junkmail/support/ip4r.htm
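
How a blackhole list lookup works under the hood, as an added example that is not from the original page or from sendmail's own code: the client's IPv4 octets are reversed and looked up under the list's zone, and an answer in 127.0.0.0/8 means "listed" (the RFC 5782 convention). The zone dnsbl.example, the sample addresses and the stand-in resolvers are constructed so the code runs offline; the health check shows why a zone that answers every query must be caught before it is configured.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_addr, zone):
    """Name queried for an IPv4 client: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(client_addr)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name via the system resolver; [] when there is no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(client_addr, zone, resolve=system_resolver):
    """Listed only when an answer lies in 127.0.0.0/8 (RFC 5782 convention)."""
    answers = resolve(dnsbl_query_name(client_addr, zone))
    return any(ipaddress.IPv4Address(a) in LOOPBACK for a in answers)

def zone_is_healthy(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (is_listed("127.0.0.2", zone, resolve)
            and not is_listed("127.0.0.1", zone, resolve))

# Constructed sample data: a made-up zone "dnsbl.example" listing 203.0.113.7.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "7.113.0.203.dnsbl.example": ["127.0.0.2"],
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

def wildcard_resolver(name):
    # Constructed failure case: a zone that answers every query, which would
    # make a mail server using it reject mail from every client.
    return ["127.0.0.2"]

if __name__ == "__main__":
    for addr in ("203.0.113.7", "198.51.100.9"):
        print(addr, dnsbl_query_name(addr, "dnsbl.example"),
              is_listed(addr, "dnsbl.example", sample_resolver))
    print("sample zone healthy:", zone_is_healthy("dnsbl.example", sample_resolver))
    print("wildcard zone healthy:", zone_is_healthy("dnsbl.example", wildcard_resolver))
```

To test a real list, call zone_is_healthy with the zone name and the default resolver before adding the zone to sendmail.mc.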

  • Spamcan

After a mail message is received but before it is delivered, sendmail checks whether any of a set of given regular expressions (e.g. viagra) match the headers or body of the mail. If positive matches occur, the message is filtered out and stored in the spamcan (~ /spamcan/.mail). This folder can be checked by the sysadmin regularly. Exceptions to the spamcan can be defined as needed.












With about an hour of tweaking, almost any sendmail V8 configuration can be secured.



© glenns.org 2006

