Wireless Group Policy WLAN Radius Part 3 WLAN Radius Config WLAN Client Config Linksys BEFSR41 Firmware Linksys BEFSR41 101 Linksys WAP54G config More Linksys BEFSR config Security how-to Writing DNS Zonefiles Is ZoneAlarm Spyware? Linksys Wishlist Sendmail spamblock Bind


Privacy Feedback

Blocking spam with Sendmail

Sendmail is a widely used mail server that is included in most Linux and Unix distributions. There are also commercial versions available for Windows NT and Windows 2000.

(Note: all paths and filenames below are the defaults with RedHat 8.0 and Sendmail 8.12.5. paths and file names may differ with other versions of Linux and Sendmail)

Using Realtime Blackhole lists

When running Sendmail, one can take advantage of Realtime Blackhole Lists. These are lists of hosts known to be sending out spam, and kept up to date by whoever maintains these lists. When using such features, Sendmail will drop the connection before receiving the e-mail, with the appropriate error message. Isn't that sweet? Not only are you reducing the amount of spam you're getting, but there's very little bandwidth wasted along the way.

In order to use this feature, you'll need to make changes to the configuration of Sendmail. The use of a macro config file (.mc) makes this a lot easier. By adding the following line to /etc/mail/sendmail.mc, you should start noticing a reduction of spam. 

FEATURE(`dnsbl',`dnsbl.njabl.org',`"550 Mail from " $&{client_addr} " 
rejected - see http://njabl.org/"')dnl

You can add more blackhole lists as well. Here's a good list of Blackhole lists ... pick two and see how it goes.


Using Access Database

Sendmail checks with a database to see who has what access. One of the features here is using the REJECT keyword. With this, you can reject connections from the specified IP address, IP subnet or domain name! Tired of getting spammed from Korea? You can block out all IP addresses from Korea, and the problem is gone. However, in order to use this, you need to make sure that the use of the Access Database is enabled in Sendmail. This is done with the following line in the /etc/mail/sendmail.mc file. 

FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl

Once that's in there, and the macro config file has been compiled, Sendmail is ready to use the access database. If I recall correctly, this feature is enabled by default. There's also a minor difference in how this entry is listed (by default) in the sendmail.mc file between 8.11.x and 8.12.x. In 8.12 there's an addition "-T" parameter to the "hash" command. Just leave the line as it is, it's listed above just so you know what to look for. 

Also by default, there should be a couple of entries in the /etc/mail/access file. It should look something like this:

localhost.localdomain          RELAY
localhost                      RELAY                      RELAY

This is just to allow the local host (the server itself) to send and receive mail. 

In order to block mail, you'll need to add some rejects... Recently, I've been getting a lot of spam from a certain ISP in Brazil, so, I'm blocking all of it with the following line:

terra.com.br                   REJECT

This one line will reject all connections from all hosts within the "terra.com.br" domain. You can achieve the same effect (more or less) with the following line:

200.171.34.                    REJECT

This blocks that whole class-C subnet of IP addresses (belonging to the same Brazilian ISP).

Note that once you have added entries in the /etc/mail/access file, you need to re-create the actual database. This can be done with the following command, entered while in the /etc/mail directory:

make all

The only thing you need to do now, is figure out who to block out. I simply add hosts or domains when I receive spam from them. It's easy enough to find the IP address and/or domain name of the sender by checking the headers of the message. You can also search through the /var/log/maillog file to find the offender, and the real IP address of the sending mail server is bound to be in there. 

Don't accept mail from unresolvable domains!

One of the "tricks" that spammers use, is to send mail from made up domains. You can easily refuse mail from such domain with Sendmail. I don't recall what the default setting was, but at the bottom of the sendmail.mc file, there should be an entry looking like this:

dnl FEATURE(`accept_unresolvable_domains')dnl

The "dnl" in front indicates that the line should not be included when re-creating the configuration file, thus disabling the feature. Check your /var/log/maillog file for the following error message "reject=451 4.1.8", and you should see a nice list ...

© 1999-2005 Lars M. Hansen