## Stomping spam with Sendmail ##

Jim Mock

As many of you know, spammers are a problem, or at the least an annoyance. This article covers some measures you can take with Sendmail 8.9.2 to help stop spammers from abusing your mail server.

The latest release of Sendmail, 8.9.2, has much-needed anti-relay protection enabled by default. Although the anti-spam rules can be added manually to 8.8 configurations, it's much easier to upgrade to 8.9.2 and have the rules enabled by default. If you need to be a promiscuous relay (I can't think of a good reason for this), you can use FEATURE(promiscuous_relay) in 8.9.2 when you generate your sendmail.cf file.

There are also additional measures available to stop spam, which have evolved from the hooks used in 8.8 into FEATURE()s in 8.9.2 and are covered below. All info below originated from the Sendmail anti-spam page.

Features you wish to implement should be placed in your localsite.mc file before generating your sendmail.cf file. I won't get into .mc files here; that's for another article. See the Sendmail website for more info on creating your sendmail.cf file. Also, only features that are recommended for use are listed below.

FEATURE(relay_entire_domain)

This allows any host in any of your local domains to relay.

FEATURE(relay_based_on_MX)

This allows relaying based on the MX records of the host portion of an incoming recipient address. For example, if your server receives a recipient of user@host.com, and host.com lists your server in its MX records, the mail will be accepted. This will stop spammers, but will not stop outsiders from using your server as a relay for their site.

FEATURE(access_db)

This feature enables an "access" database (no, not Microsoft Access) in which you can specify whether to accept or reject mail from certain domains. This is a good idea if you want to reject all mail originating from known spammers.
The FEATURE macro can accept a second parameter giving the key file definition for the database. An example of this would be FEATURE(access_db, hash -o /etc/mail/access).

To get started, create a file in /etc/mail called access. The table itself uses email addresses, domain names, and network numbers as keys. Here's an example of what you can put in the file:

    cyberpromo.com          REJECT
    spam@spamsender.com     REJECT
    192.168.212             REJECT

The above would refuse mail from any host within the cyberpromo.com domain and any user from that domain, mail from spam@spamsender.com, and any host on the 192.168.212.* network.

The value part of the map can contain OK, RELAY, REJECT, DISCARD, or any RFC 821 compliant error code along with a message. These terms mean the following:

    OK        accept mail even if other rules would reject it
    RELAY     allow domain to relay through your SMTP server
    REJECT    reject the mail with a general purpose message
    DISCARD   discard the message completely using the $#discard mailer
    ### text  where ### is the RFC 821 compliant error code and text is
              a message to return

An example of the above would be:

    vhost.spammer.com       OK
    another.domain.com      RELAY
    my.host.com             OK
    spammer.com             550 Blocked. You send spam.

The above will accept mail from vhost.spammer.com, but would reject mail from any other hosts at spammer.com with the indicated message. It would also accept mail from my.host.com, and allow relaying for another.domain.com.

You can also use the access database to block sender addresses based on the username of the address. For example:

    ISendSpam@              550 Blocked. Die spammer die!

The @ must be included after the user to tell sendmail to check the username portion of the address.

Since /etc/mail/access is a database, you need to use makemap to create the database map from the text file. To do so, you'd type the following at the prompt:

    makemap hash /etc/mail/access < /etc/mail/access

Be sure to kill and restart sendmail after generating the access.db file.
It won't be read unless you restart sendmail.

FEATURE(blacklist_recipients)

This feature will allow you to add entries to the access database for local users, hosts in your domain, or addresses in your domain that shouldn't receive mail.

    badassbob               550 Mailbox disabled for this user.
    vhost.domain.com        550 That host does not accept mail.
    bad@host.domain.com     550 Mailbox disabled for this recipient.

The above would prevent badassbob@domain.com, any user on vhost.domain.com, and the address bad@host.domain.com from receiving mail.

FEATURE(rbl)

This causes sendmail to reject mail from any domains or IP addresses listed in the Real-time Blackhole List.

In closing, although Sendmail 8.9.2 denies relay by default, there are a number of additional measures you can take to help stop spammers from abusing you or your users.

As always, if you find an error or have any comments on this document, let me know. I can be reached by email at .

Good luck,

- Jim

$Id: sendmail.txt,v 1.1 2000/02/16 08:07:41 jim Exp $
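
The access table entries from the FEATURE(access_db) section, as an added example that is not part of the original article or of Sendmail: a simplified Python model that checks each value and shows which key decides for a given sender or client address. The lookup order (full address, then host and parent domains, then user@; for IP addresses, trailing octets removed), the 4xx/5xx code check, and all function names are assumptions of this sketch.

```python
# Added example: simplified model of an access-table lookup, not sendmail's code.
# Assumption: the most specific key wins and keys compare case-insensitively.
# Constructed sample, assembled from the entries shown in this article.
ACCESS_TEXT = """\
cyberpromo.com        REJECT
spam@spamsender.com   REJECT
192.168.212           REJECT
vhost.spammer.com     OK
another.domain.com    RELAY
my.host.com           OK
spammer.com           550 Blocked. You send spam.
ISendSpam@            550 Blocked. Die spammer die!
"""
KEYWORDS = {"OK", "RELAY", "REJECT", "DISCARD"}

def parse_access(text):
    """Return {lowercased key: value}; raise ValueError on a malformed line."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if not parts:
            continue  # blank line
        code = parts[1].split()[0] if len(parts) == 2 else ""
        is_error = len(code) == 3 and code.isdigit() and code[0] in "45"
        if len(parts) != 2 or not (parts[1].strip() in KEYWORDS or is_error):
            raise ValueError(f"line {lineno}: bad entry {line!r}")
        table[parts[0].lower()] = parts[1].strip()
    return table

def candidates(item):
    """Yield lookup keys for an address, host name or IPv4 address."""
    item = item.lower()
    if item.replace(".", "").isdigit():       # IPv4: drop trailing octets
        octets = item.split(".")
        for n in range(len(octets), 0, -1):
            yield ".".join(octets[:n])
        return
    user, at, host = item.rpartition("@")
    if at:
        yield item                            # user@host.domain
    labels = host.split(".")
    for n in range(len(labels)):              # host.domain, then parents
        yield ".".join(labels[n:])
    if at:
        yield user + "@"                      # username-only key

def lookup(table, item):
    """Return (matching key, value), or (None, None) when nothing matches."""
    return next(((k, table[k]) for k in candidates(item) if k in table), (None, None))
```

Running parse_access over the text file before makemap catches a misspelled value before it reaches the database.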