*BSD News Article 94375



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!newsfeeds.sol.net!hammer.uoregon.edu!news1.mpcs.com!fdma.com!nospam
From: nospam@dontSpam.fdma.com (Michael S. Scheidell)
Newsgroups: comp.unix.questions,comp.unix.misc,comp.unix.bsd.misc,comp.unix.bsd.bsdi.misc,comp.unix.admin,comp.security.unix,comp.security.misc
Subject: Re: Blocking domains that spam
Date: 24 Apr 1997 18:52:43 GMT
Organization: Florida Datamation, Inc.
Lines: 93
Message-ID: <slrn5lvavr.4gu.nospam@fdma.com>
References: <335eaf61.82196362@news.ioc.net> <5jnu2i$1al$1@izalco.nvl.army.mil> <5jo6s8$5to@cynic.portal.ca>
Reply-To: scheidell@fdma.com
NNTP-Posting-Host: fdma.fdma.com
X-Newsreader: slrn (0.8.7.1 QNX4)
Xref: euryale.cc.adfa.oz.au comp.unix.questions:98811 comp.unix.misc:28934 comp.unix.bsd.misc:3086 comp.unix.bsd.bsdi.misc:6747 comp.unix.admin:57341 comp.security.unix:33990 comp.security.misc:35466


In article <5jo6s8$5to@cynic.portal.ca>, Curt Sampson wrote:
>In article <5jnu2i$1al$1@izalco.nvl.army.mil>,
>Don Nichols <nichols@nvl.army.mil> wrote:
>
>>Now, since [qmail] can be run from inetd.conf, it can be tcp-wrapped.
>
>Sendmail uses the tcpwrap library directly for access control, if
>compiled with that option.

Actually, you don't even need the (slower) tcp_wrapper libs.

Just sendmail 8.8.5 and these rules in S98:
It kills PHONEY.COM domains.
It kills spammers trying to relay.
It kills (via 'SpamUsers' file) known spam usernames
(delete, remove, more-money).
It kills (via 'SpamDomains' file) known spam domains (cyberpromo, ispam, etc.).
It kills (via 'BanDomains' file) sites that have open relays.
It kills (via 'BanIPs' file) whole netblocks that harbor spammers
(see the discussions about 'agis' and cyberpromo in
news.admin.net-abuse.email).


###################################################################
###  Ruleset 98 -- local part of ruleset zero (can be null)	###
###################################################################

S98

# check_mail: called with the argument of the SMTP "MAIL FROM:" command
Scheck_mail
F{SpamDomains}	/etc/sendmail.SpamDomains
F{OkDomains}	/etc/sendmail.OkDomains
F{SpamUsers}	/etc/sendmail.SpamUsers

R$*			$: $>3 $1		# canonicalize to user < @ host >

# check for OK domains that won't resolve but we let in
R$* < @ $* $={OkDomains} > $*		$@ok
R$* < @ $* $={OkDomains} . > $*	$@ok

# check for spam domains and their subdomains ($=class matches a whole
# phrase such as "cyberpromo.com", so "mail.cyberpromo.com" is caught too)
R$* < @ $* $={SpamDomains} > $*	$#error $@ 5.1.8 $: "Email accepted for investigations@watchdog.ftc.gov. Thank you for your report of email abuse"
R$* < @ $* $={SpamDomains} . > $*	$#error $@ 5.1.8 $: "Email accepted for investigations@watchdog.ftc.gov. Thank you for your report of email abuse"

# check for spam users
R$={SpamUsers} < @ $* > $*		$#error $@ 5.1.8 $: "Email accepted for investigations@watchdog.ftc.gov. Thank you for your report of email abuse"

# reject (ver1.06) unresolvable hosts.  Ruleset 3 appends a trailing "."
# (which is in class P) only to hosts it could resolve, so a last token
# not in $=P means the lookup failed.  First rule (commented out) would
# allow dotted quads, second dumps any baddies.
#R$* < @ [ $* ] > $*	$@ok		allow dotted quad froms
R$* < @ $* $~P > $*	$#error $@ 5.7.1 $: "unresolvable; rejected. Check your DNS"


# this ruleset can replace tcpwrapping and firewalling
# check_relay: workspace is  client_name $| client_addr
Scheck_relay
F{BanDomains}	/etc/sendmail.BanDomains
F{BanIPs}	/etc/sendmail.BanIPs
R$* $={BanDomains} $| $*	$#error $@ 5.7.1 $: "no access from your host - rejected"
# BanIPs entries are the leading octets of a netblock (e.g. the first two
# for a /16); the class phrase is matched on token boundaries, so an entry
# never matches a longer octet that merely starts with the same digits
R$+ $| $={BanIPs} $*	$#error $@ 5.7.1 $: "no access from your netblk - rejected"

# anti-relay - - new - evaluated in check_rcpt
# the dequote map used below has to be declared (sendmail 8.7 and later)
Kdequote dequote
Scheck_rcpt
F{MyDomains}	/etc/sendmail.MyDomains
F{MyUsers}	/etc/sendmail.MyUsers
R$+			$: $(dequote "" $&{client_name} $) $| $1
R $| $*			$@ok		no client name: directly invoked
R$* $={MyDomains} $| $*	$@ok		from here
# class w is local anyway
R$* $=w $| $*		$@ok		from here
# not local
R$* $| $={MyUsers} $*	$@ok		users we can relay for
R$+ $| $* / dev / null	$@ok		to null
# not local, check rcpt
R$* $| $*		$: $>3 $2
# remove local part, maybe repeatedly: the local part goes back through
# ruleset 3, which turns user%elsewhere into user<@elsewhere>, so the
# percent hack cannot be used to relay through one of our domains
R$* < @ $* $={MyDomains} . > $*	$>3 $1 $4
# something left then ng
R$* < @ $+ > $*		$#error $@ 5.7.1 $: "553 sorry, we don't support relaying"

# test rule, use to check anti relay
SStart
R$* $$| $*		$: $1 $| $2	fake for -bt mode, remove for real version



-- 
Michael S. Scheidell     <><      <http://www.fdma.com/>
DataOnDemand Raid System <http://www.fdma.com/raid/>
I used to have an open mind till too much leaked out.
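The following is an added example, not the poster's code: a Python model of the check_relay and check_rcpt decisions in the rulesets above, so the relay logic can be exercised without a `sendmail -bt` session. Class contents (MyDomains, MyUsers, BanDomains, BanIPs) and the sample addresses are constructed; DNS is not consulted, hosts are taken to resolve (i.e. to carry the trailing "." ruleset 3 adds), and ruleset 3 is reduced to the two pieces these rules rely on, splitting user@host and rewriting the rightmost % into @. The point worth seeing is that `$=class` matches a phrase on sendmail token boundaries, which is why "notfdma.com" is not "from here" and a BanIPs entry of "10.20" does not catch 10.200.x.x.

```python
# Added example: model of the poster's check_relay / check_rcpt rulesets.
# Class contents and addresses below are constructed; DNS is not consulted
# and ruleset 3 is reduced to user@host splitting plus the %-hack rewrite.

# sendmail 8.8 default OperatorChars, plus the separators it always honours.
OPERATORS = set(".:%@!^/[]+<>(),;")


def tokenize(s):
    """Split like sendmail: runs of ordinary characters, each operator on
    its own.  Lower-cased because class lookups are case-insensitive."""
    toks, cur = [], ""
    for ch in s:
        if ch.isspace() or ch in OPERATORS:
            if cur:
                toks.append(cur)
                cur = ""
            if ch in OPERATORS:
                toks.append(ch)
        else:
            cur += ch
    if cur:
        toks.append(cur)
    return [t.lower() for t in toks]


def phrase_suffix(toks, members):
    """$* $=C : workspace ends with a class phrase, whole tokens only,
    so "notfdma.com" never matches a MyDomains entry of "fdma.com"."""
    for m in (tokenize(x) for x in members):
        if m and len(m) <= len(toks) and toks[-len(m):] == m:
            return True
    return False


def phrase_prefix(toks, members):
    """$=C $* : workspace starts with a class phrase, whole tokens only,
    so a BanIPs entry "10.20" matches 10.20.3.4 but not 10.200.3.4."""
    for m in (tokenize(x) for x in members):
        if m and toks[:len(m)] == m:
            return True
    return False


def canonicalize(addr):
    """The part of ruleset 3 these rules need: strip <>, split on the last
    @, and with no @ present treat the rightmost % as @ (percent hack).
    Route-addrs (@a:user@b) are not modelled.  Returns (local, host),
    host None for a purely local address; the trailing "." is dropped."""
    addr = addr.strip().strip("<>")
    if "@" not in addr and "%" in addr:
        head, _, tail = addr.rpartition("%")
        addr = head + "@" + tail
    if "@" in addr:
        local, _, host = addr.rpartition("@")
        return local, host.rstrip(".")
    return addr, None


def check_relay(client_name, client_addr, ban_domains, ban_ips):
    """Workspace is client_name $| client_addr.  Returns the error text
    or None when the connection is allowed."""
    if phrase_suffix(tokenize(client_name), ban_domains):
        return "5.7.1 no access from your host - rejected"
    if phrase_prefix(tokenize(client_addr), ban_ips):
        return "5.7.1 no access from your netblk - rejected"
    return None


def check_rcpt(client_name, rcpt, my_domains, my_users):
    """Workspace is client_name $| rcpt.  Returns the error text or None
    when the recipient is accepted."""
    rtoks = tokenize(rcpt)
    if client_name == "":
        return None                   # no client name: directly invoked
    if phrase_suffix(tokenize(client_name), my_domains):
        return None                   # from here (the $=w rule does the same)
    if phrase_prefix(rtoks, my_users):
        return None                   # users we can relay for
    if phrase_suffix(rtoks, ["/dev/null"]):
        return None                   # to null
    local, host = canonicalize(rcpt)
    # remove local part, maybe repeatedly: while the host is one of ours,
    # push the local part back through "ruleset 3", which unwraps the
    # %-hack; anything that still carries a host afterwards is a relay
    while host is not None and phrase_suffix(tokenize(host), my_domains):
        local, host = canonicalize(local)
    if host is not None:
        return "5.7.1 553 sorry, we don't support relaying"
    return None


# Constructed class contents standing in for the /etc/sendmail.* files.
MY_DOMAINS = ["fdma.com"]
MY_USERS = ["postmaster"]
BAN_DOMAINS = ["openrelay.example"]
BAN_IPS = ["10.20"]                   # leading tokens: 10.20.0.0/16
```

Call `check_rcpt("host.other.example", "<anyone%elsewhere.example@fdma.com.>", MY_DOMAINS, MY_USERS)` to see the percent hack rejected, and the same client with `"<user@fdma.com.>"` accepted; `check_relay("a.example", "10.200.3.4", BAN_DOMAINS, BAN_IPS)` returns None while `10.20.3.4` is refused, which is the token-boundary behaviour a plain substring match would get wrong.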