


| Spamming is so last century! Let's explore some solutions that can be used with sendmail. We strongly recommend that you purchase the Sendmail Companion v 8.13 Book by O'Reilly (it's got two bats on the front!). This book has been invaluable to sysadmins worldwide! Here are our top tips: |
|
Just edit your sendmail.cf. Using Claus Aßmann's rulesets (which most sysadmins consider the best), add the following:
HACK(check_mail3, btree -a@JUNK /etc/spam/junk)
HACK(check_relay3, btree -a@JUNK /etc/spam/junk)
HACK(use_ip, /etc/spam/LocalIP)
HACK(use_names, /etc/spam/LocalNames)
HACK(check_rcpt4)
tcp_wrappers sit in front of programs run under inetd (see /etc/inetd.conf): before ftpd, telnetd, etc. run, the connection first passes through a wrapper that checks whether the source IP address belongs to a trusted host or an untrusted one. The check can be made by source host name, domain name, raw IP address, and the port number the connection is attempting to connect to. Sendmail 8.8 and later versions support the use of -DTCPWRAPPERS=1 for compilation. Just add the -lwrap library. TCP-Wrappers can be downloaded from ftp://ftp.win.tue.nl/pub/security/ (the site also has a plethora of other useful security tools, such as securelib, portmap, satan, cops, and crack). If you are experienced in sendmail you can download a patch from ftp://ftp.win.tue.nl/pub/security/sendmail-tcpd.patch which integrates tcp_wrappers into the sendmail daemon itself! It should be said that this is not straightforward.
This routine is easiest to use with the patch by Kyle Jones. Basically, it disallows all non-local e-mail traffic through your host. Make sure it is implemented correctly.
Basically, these lists contain hosts known to spam. To implement this, some configuration of Sendmail is necessary. A macro config .mc file is easiest. Insert the following line into /etc/mail/sendmail.mc:
FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " rejected - see http://njabl.org/"')dnl
This by itself should reduce spam significantly. A good list of Blackhole lists can be found at: http://www.declude.com/junkmail/support/ip4r.htm
After receipt of a mail message but prior to its delivery, sendmail checks whether any of a set of given regular expressions (e.g. viagra) matches the headers or body of the mail. If any match, the message is filtered out and stored in the spamcan (~ /spamcan/.mail). This folder can be checked by the sysadmin regularly. Exceptions to the spamcan can be defined as needed. |
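
How the blackhole-list check set up by the FEATURE(`dnsbl') line above reaches its decision, as an added example (not part of the original page and not sendmail's own code): the client address's octets are reversed, the zone is appended, and an A-record answer means the host is listed. The function names, the stub resolver and its sample zone data are constructed for illustration; the zone and the 550 text are the ones on the page.

```python
import ipaddress
import socket

ZONE = "dnsbl.njabl.org"  # zone named in the page's FEATURE(`dnsbl') line
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here


def dnsbl_query_name(client_addr, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    ip = ipaddress.IPv4Address(client_addr)  # ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_resolver(name):
    """A records for name via the OS resolver; [] if absent or the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # assumption of this example: failures count as "not listed"


def check_client(client_addr, resolve=system_resolver, zone=ZONE):
    """Return (accept, smtp_reply); the reply text mirrors the page's 550 message."""
    answers = resolve(dnsbl_query_name(client_addr, zone))
    if any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers):
        return False, f"550 Mail from {client_addr} rejected - see http://njabl.org/"
    return True, None


# Constructed sample data standing in for the list: one listed documentation address.
SAMPLE_ZONE_DATA = {"10.2.0.192.dnsbl.njabl.org": ["127.0.0.2"]}


def stub_resolver(name):
    """Offline resolver over the constructed sample data (hypothetical helper)."""
    return SAMPLE_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7"):
        print(addr, check_client(addr, resolve=stub_resolver))
```

Because a failed lookup is treated as "not listed", this sketch fails open when the list is unreachable; decide deliberately whether your mail host should do the same.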

