Anti-spam measures
Gjermund Sørseth gjermund at nextel.no
Mon Jan 19 18:45:24 CET 1998
Not sure if this is the right forum to discuss methods for preventing spam/relaying with sendmail, but since the question came up, and what you describe here is pretty much exactly like a package I've already implemented:

Poul-Henning Kamp wrote:
> One of the best things to do, would probably be to make a
> simple turnkey kind of sendmail config available to people.
>
> It should be possible for people to maintain four files on
> their system and have sendmail DTRT for them after that:
>
> /etc/sendmail.our_ip:
> 192.168.1.0/24
> 10.0.0.0/22
>
> /etc/sendmail.our_domains:
> foo.bar.com
> some.customer.domain.xx
>
> /etc/sendmail.we_mx_for:
> bar.foo.com
>
> /etc/sendmail.people_we_dont_talk_to
> cyberpromo.com
> 203.43.43.0/22
>
> Now that would be a worthwhile project to do...

My implementation uses two config files - one for access control and one for relay control.

A typical access-control file could look like this:

    deny bozo@domain.com
    deny @cyberpromo.com
    permit 192.2.49
    deny 192.2

The deny/permit rules work like you would expect - a most-exact-match is performed. In this case mail from sender address "bozo@domain.com" and from everyone at cyberpromo.com will not be accepted. Connections from clients with IP addresses that start with 192.2 will not be accepted either, except those that start with 192.2.49.

A typical relay-control file could look like this:

    # IP address ranges that can relay anywhere:
    #
    127
    10.127.99       # Our own addresses
    195.18.159      # Customer X
    163.22          # Customer Y
    100.22.2.56     # Mail server Z
    #
    # Domain names we accept mail for:
    #
    mydomain.com
    another-domain.com
    yet-another-domain.com
    #
    include sendmail.cw
    include mailertable
    include secondary-mx

This file contains two types of information - a collection of IP address ranges that can relay mail anywhere through us, and a list of domain names that we accept mail for from anywhere.

The mail server will accept mail destined for the domain names in this file from ANYWHERE, and will accept mail for OTHER domains ONLY from clients whose IP addresses are in this file. Which provides complete relay control.

To make maintenance easier, you can see that you may "include" the contents of other common sendmail files so that you don't need to maintain more than one copy of the list of domain names you accept mail for. Useful for large ISPs like ourselves.

(The URL is ftp://ftp.xyzzy.no/sendmail/access.tar.Z)

-- 
Gjermund Sørseth, Telenor Nextel
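
The matching rules described in the message above, sketched in Python as an added example (this is not the code in access.tar.Z and not the original poster's implementation). The function names, the whole-octet prefix comparison, exact sender-domain matching, and treating a deny from either the IP check or the sender check as a rejection are assumptions; `include` lines are not handled.

```python
# Added illustration: file syntax follows the samples in the message; matching
# details are assumptions. Sample data is constructed from those samples
# (the archive's "bozo at domain.com" is written with "@").
ACCESS = """deny bozo@domain.com
deny @cyberpromo.com
permit 192.2.49
deny 192.2
"""
RELAY = """127
10.127.99   # Our own addresses
195.18.159  # Customer X
mydomain.com
another-domain.com
"""

def entries(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def is_ip_prefix(key):
    return all(part.isdigit() for part in key.split("."))

def ip_match(prefix, ip):
    # Compare whole octets, so "192.2" covers 192.2.x.x but not 192.20.x.x.
    octets = prefix.split(".")
    return ip.split(".")[:len(octets)] == octets

def load_access(text):
    return [tuple(line.split(None, 1)) for line in entries(text)]

def load_relay(text):
    keys = list(entries(text))
    nets = [k for k in keys if is_ip_prefix(k)]
    return nets, {k.lower() for k in keys if not is_ip_prefix(k)}

def verdict(rules, ip, sender):
    """Most exact match per check; a deny on either check rejects (assumption)."""
    sender = sender.lower()
    domain = "@" + sender.rpartition("@")[2]
    ip_hits = [(len(k.split(".")), act) for act, k in rules
               if is_ip_prefix(k) and ip_match(k, ip)]
    from_hits = [(len(k), act) for act, k in rules if k.lower() in (sender, domain)]
    picks = [max(hits)[1] for hits in (ip_hits, from_hits) if hits]
    return "deny" if "deny" in picks else "permit"

def may_relay(nets, domains, ip, rcpt):
    """Accept for our domains from anywhere; other domains only from listed IPs."""
    return (rcpt.rpartition("@")[2].lower() in domains
            or any(ip_match(n, ip) for n in nets))
```

The whole-octet comparison is the detail to get right: a plain string-prefix test on "192.2" would also block 192.20.x.x and 192.200.x.x.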