Anti-Spam Provisions in Sendmail 8.8

That said, however, many of these have evolved into FEATURE()s in 8.9; see the Anti-Spam Configuration Control section of the 8.9 cf/README for details. And cf/cf/knecht.mc in the distribution is always a good place to check for anti-spam prototypes and examples. Meanwhile, for people still using 8.8, these ruleset can be added to your configuration file (hint: if using the M4 method, use LOCAL_RULESETS; if editing a .cf file directly, add them to the end of the file) to get the effect indicated.

NOTE: If you copy rules from this page, you must change the whitespace between the fields to tabs. Sendmail will reject the rule if there are merely spaces between the fields. If your text editor changes tabs to spaces as they are entered, you may have to use another editor that does not.

Other anti-spam references

• The grand daddy of anti-spam sites, run by Scott Hazen Mueller.
• Zilker Internet Park's lawsuit against spammers
• A score-based anti-spam filter by Graham Toal (requires sendmail code changes).
• Claus Aßmann's Using check_* in sendmail 8.8
• Marty Lyons' Notes on Stopping U.C.E.
• Glenn Fleishman's Putting the Bam-Bam on Spam
• Fifis SPAM Archive
• MAPS TSI: Sendmail Version 8 anti-relay solutions
• Kai's SpamShield
• The Coalition Against Unsolicited Commercial E-Mail

This page was updated on 3 Sept 1998.

Preventing Relaying Through Your SMTP Port

Solution: Mail must originate or terminate locally (on this host), with exceptions made for hosts listed, one per line, in /etc/sendmail.cR. (In this incarnation, this ruleset does not allow relaying within your domain, except for the hosts listed in /etc/sendmail.cR. Note carefully, you must list fully qualified host names for each host you wish to allow relaying. Simply listing a domain name is not enough. Ideally, it would only restrict relaying from outside your domain. This is particularly useful if you are using mail clients such as MH or Eudora that like to try to find an SMTP relay on the local network to do outgoing mail submission.)

Code: (Downloadable version)

	FR-o /etc/sendmail.cR

	Scheck_rcpt
	# anything terminating locally is ok
	R< $+ @ $=w >		$@ OK
	R< $+ @ $=R >		$@ OK

	# anything originating locally is ok
	R$*			$: $(dequote "" $&{client_name} $)
	R$=w			$@ OK
	R$=R			$@ OK
	R$@			$@ OK

	# anything else is bogus
	R$*			$#error $: "550 Relaying Denied"

Notes:

• If you would prefer to list domains in sendmail.cR, you can replace all occurrences of $=R with $* $=R in the ruleset above.
• This rule doesn't block user%other.domain.com@your.domain.com. If you want to block this type of addressing, you'll need sendmail 8.8.6 or greater and this change to the ruleset. (Downloadable version) Replace the first section:

  	# anything terminating locally is ok
  	R< $+ @ $=w >		$@ OK
  	R< $+ @ $=R >		$@ OK
  

  with

  	# anything terminating locally is ok
  	R$*			$: $>Parse0 $>3 $1
  	R$+ < @ $* . > $*	$: $1 < @ $2 >
  	R$+ < @ $=w >		$@ OK
  	R$+ < @ $=R >		$@ OK
  

• If your site is a backup mail server for another site (you are a higher-numbered MX record for them), be sure to add the domain names of that site to your new sendmail.cR file.
• In 8.9, relaying is disabled by default.

Refuse Mail From Selected Relays

Problem: Spam -- persistent, offensive mail from various sites.

Solution: Refuse connections from the spamming sites. This involves keeping a database of those sites; the key will be the host name of the site and the value will be what you want to say to them.

Code: (Downloadable version)

	Kspammers hash /etc/spammers

	Scheck_relay
	R$+ $| $+		$: $(spammers $1 $: OK $)
	ROK			$@ OK
	R$+			$#error $: 521 $1

Notes:

• error message (value part of database entry) isn't actually used; instead, all commands are rejected with ``550 Access denied''.
• /etc/spammers is a database map and must be created with: makemap hash /etc/spammers < /etc/spammers
• In 8.9, FEATURE(access_db) takes care of this.

Insist On Valid Host Name In MAIL FROM: Command

Problem: You want to reject mail that has bogus host names in the MAIL FROM: SMTP command. (Also includes the previous fix, but modified so that it will deliver an insulting message back to the perpetrators.)

Solution: Check for validity in the MAIL command. In this case you have to permit people in the spammers database greater access to your server (e.g., they will be able to use VRFY and EXPN), but you can still prevent them from sending mail.

Warning: This ruleset is incompatible with the DeliveryMode=defer option, since it requires that a DNS lookup be done immediately upon mail receipt.

Code: (Downloadable version)

	Kspammers hash /etc/spammers

	Scheck_mail

	# check for valid domain name
	R$*			$: <?> $>3 $1
	R<?> $* < @ $+ . >	$: <OK>
	R<?> $* < @ $+ >	$#error $: 451 Domain must resolve

	# check relay against spammers database
	R$*			$: $(spammers $&{client_name} $: OK $)
	ROK			$@ OK
	R$+			$#error $: 551 $1

Notes:

• VRFY, EXPN, etc. will still work. Since it keys off the MAIL FROM: value, which is easily forged, it may be less effective than the previous solution.
• /etc/spammers is a database map and must be created with: makemap hash /etc/spammers < /etc/spammers
• In 8.9, unresolvable domains are rejected by default. Also, in 8.9, the /etc/spammers checks are replaced by the FEATURE(access_db).

Restrict Mail Acceptance

Problem: Some bozo is mail-bombing me.

Solution: Keep a database of the bad guys. In this case the database key is ``user@host'' and the value is the error message you want to return.

Code: (Downloadable version)

	Kbozos hash /etc/bozos
	C{Protected}eric

	Scheck_compat
	# if the recipient isn't protected, they get the mail
	R$+				$: <OK> $1
	R<OK> $+ $| < $={Protected} @ $=w >
					$: <PROT> $1
	R<OK> $+			$@ OK

	# check to see if the sender is a bozo
	R<PROT> $+ $| $+		$: $(bozos $1 $: OK $)
	ROK				$@ OK
	R$+				$#error $: 551 $1

• This one doesn't really work well because it doesn't handle angle brackets well.
• In 8.9, the FEATURE(access_db) takes over this function.

Other Anti-Spam Sites

• http://spam.abuse.net/spam/
• http://www.mids.org/nospam/