That said, however, many of these have evolved into FEATURE()s in 8.9;
see the Anti-Spam Configuration Control
section of the 8.9 cf/README for details.
And cf/cf/knecht.mc
in the distribution is always a good place
to check for anti-spam prototypes and examples. Meanwhile, for people still
using 8.8, these ruleset can be added to your configuration file (hint: if
using the M4 method, use LOCAL_RULESETS; if editing a .cf file directly,
add them to the end of the file) to get the effect indicated.
NOTE: If you copy rules from this page, you must change the whitespace between the fields to tabs. Sendmail will reject the rule if there are merely spaces between the fields. If your text editor changes tabs to spaces as they are entered, you may have to use another editor that does not.
Solution:
Mail must originate or terminate locally (on this host), with exceptions
made for hosts listed, one per line, in /etc/sendmail.cR
.
(In this incarnation, this ruleset does not allow relaying
within your domain, except for the hosts listed in
/etc/sendmail.cR
. Note carefully, you must list fully
qualified host names for each host you wish to allow relaying. Simply
listing a domain name is not enough.
Ideally, it would only restrict relaying from outside your domain.
This is particularly useful if you are using mail clients
such as MH or Eudora
that like to try to find an SMTP relay on the local network
to do outgoing mail submission.)
Code: (Downloadable version)
FR-o /etc/sendmail.cR Scheck_rcpt # anything terminating locally is ok R< $+ @ $=w > $@ OK R< $+ @ $=R > $@ OK # anything originating locally is ok R$* $: $(dequote "" $&{client_name} $) R$=w $@ OK R$=R $@ OK R$@ $@ OK # anything else is bogus R$* $#error $: "550 Relaying Denied"
Notes:
sendmail.cR
,
you can replace all occurrences of $=R
with $* $=R
in the ruleset above.
user%other.domain.com@your.domain.com
.
If you want to block this type of addressing, you'll need sendmail 8.8.6 or
greater and this change to the ruleset.
(Downloadable version)
Replace the first section:
# anything terminating locally is ok R< $+ @ $=w > $@ OK R< $+ @ $=R > $@ OKwith
# anything terminating locally is ok R$* $: $>Parse0 $>3 $1 R$+ < @ $* . > $* $: $1 < @ $2 > R$+ < @ $=w > $@ OK R$+ < @ $=R > $@ OK
Problem: Spam -- persistent, offensive mail from various sites.
Solution: Refuse connections from the spamming sites. This involves keeping a database of those sites; the key will be the host name of the site and the value will be what you want to say to them.
Code: (Downloadable version)
Kspammers hash /etc/spammers Scheck_relay R$+ $| $+ $: $(spammers $1 $: OK $) ROK $@ OK R$+ $#error $: 521 $1
Notes:
makemap hash /etc/spammers < /etc/spammers
Problem: You want to reject mail that has bogus host names in the MAIL FROM: SMTP command. (Also includes the previous fix, but modified so that it will deliver an insulting message back to the perpetrators.)
Solution: Check for validity in the MAIL command. In this case you have to permit people in the spammers database greater access to your server (e.g., they will be able to use VRFY and EXPN), but you can still prevent them from sending mail.
Warning: This ruleset is incompatible with the DeliveryMode=defer option, since it requires that a DNS lookup be done immediately upon mail receipt.
Code: (Downloadable version)
Kspammers hash /etc/spammers Scheck_mail # check for valid domain name R$* $: <?> $>3 $1 R<?> $* < @ $+ . > $: <OK> R<?> $* < @ $+ > $#error $: 451 Domain must resolve # check relay against spammers database R$* $: $(spammers $&{client_name} $: OK $) ROK $@ OK R$+ $#error $: 551 $1
Notes:
makemap hash /etc/spammers < /etc/spammers
Problem: Some bozo is mail-bombing me.
Solution: Keep a database of the bad guys. In this case the database key is ``user@host'' and the value is the error message you want to return.
Code: (Downloadable version)
Kbozos hash /etc/bozos C{Protected}eric Scheck_compat # if the recipient isn't protected, they get the mail R$+ $: <OK> $1 R<OK> $+ $| < $={Protected} @ $=w > $: <PROT> $1 R<OK> $+ $@ OK # check to see if the sender is a bozo R<PROT> $+ $| $+ $: $(bozos $1 $: OK $) ROK $@ OK R$+ $#error $: 551 $1Notes: