Recipe 6.1 Blocking Spam with the access DatabaseProblemBecause the bulk of mail arriving from specific sites is junk, you have been asked to configure sendmail to block all mail from those sites. SolutionAdd the addresses you want blocked to the /etc/mail/access text file. The key to each entry is the spammer's address, and the return is either DISCARD , to silently drop the mail; REJECT , to drop the mail with a standard error; or ERROR , to reject the mail with a customer error message. Use the makemap script to build a hash database from the text file. Next, create a sendmail configuration containing the access_db feature. Here is the required FEATURE macro: dnl Use the access database FEATURE(`access_db') Following the example in Recipe 1.8, rebuild the sendmail.cf file, copy the new sendmail.cf file to /etc/mail , and restart sendmail. DiscussionUse REJECT , ERROR , or DISCARD in the access database to block junk mail. The following sample access database blocks mail from three sites: example.com REJECT wrotethebook.net ERROR:5.7.1:550 Invalid mail source fake.ora.com DISCARD A telnet test shows what the remote site sees depending on the action defined in the database: # telnet localhost smtp Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 chef.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 22 Aug 2003 12:01:37 - 0400 HELO localhost 250 chef.wrotethebook.com Hello IDENT:UWSRv+Jij66J8vALUBVBECbGPVoU8OQe@localhost [127.0.0.1], pleased to meet you MAIL From:<crooks@example.com> 550 5.7.1 <crooks@example.com>... Access denied MAIL From:<thieves@wrotethebook.net> 550 5.7.1 <thieves@wrotethebook.net>... Invalid mail source MAIL From:<junk@fake.ora.com> 250 2.1.0 <junk@fake.ora.com>... Sender ok QUIT 221 2.0.0 chef.wrotethebook.com closing connection Connection closed by foreign host. Mail from example.com is rejected with an "Access denied" error because the example.com entry in the sample access database defines REJECT as the action taken for mail received from that domain. Mail from wrotethebook.net is rejected with the error "Invalid mail source," which was defined in the access database with the ERROR command. On the other hand, from the point of view of the remote system, mail from fake.ora.com appears to be accepted by the server. A sendmail -bt test is needed to see the effect of the DISCARD action defined in the access database for mail from fake.ora.com : # sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > check_mail junk@fake.ora.com check_mail input: junk @ fake . ora . com Basic_check_mail input: junk @ fake . ora . com tls_client input: $ MAIL D input: < > < ? > < ! "TLS_Clt" > < > D returns: < ? > < > < ? > < ! "TLS_Clt" > < > A input: < > < ? > < ! "TLS_Clt" > < > A returns: < > < ? > < ! "TLS_Clt" > < > TLS_connection input: $ < > < ? > < ! "TLS_Clt" > < > TLS_connection returns: OK tls_client returns: OK CanonAddr input: < junk @ fake . ora . com > canonify input: < junk @ fake . ora . com > Canonify2 input: junk < @ fake . ora . com > Canonify2 returns: junk < @ fake . ora . com > canonify returns: junk < @ fake . ora . com > Parse0 input: junk < @ fake . ora . com > Parse0 returns: junk < @ fake . ora . com > CanonAddr returns: junk < @ fake . ora . com > SearchList input: < + From > $ < F : junk @ fake . ora . com > < U : junk @ > < D : fake . ora . com > < > F input: < junk @ fake . ora . com > < ? > < + From > < > F returns: < ? > < > SearchList input: < + From > $ < U : junk @ > < D : fake . ora . com > < > U input: < junk @ > < ? > < + From > < > U returns: < ? > < > SearchList input: < + From > $ < D : fake . ora . com > < > D input: < fake . ora . com > < ? > < + From > < > D returns: < DISCARD > < > SearchList returns: < DISCARD > SearchList returns: < DISCARD > SearchList returns: < DISCARD > Basic_check_mail returns: $# discard $: discard check_mail returns: $# discard $: discard > /quit In this test, the address junk@fake.ora.com is processed through the check_mail ruleset, which checks the MAIL From : address. The check_mail ruleset processes the address and returns "discard," meaning that mail from fake.ora.com will be silently discarded. See AlsoThe cf/README file, Chapter 3, and Introduction to this chapter provide more information about the access database. The sendmail book covers the access database in Section 7.5. |