Date: Fri, 30 May 1997 19:09:53 -0700 (PDT) From: Alan Batie <batie@agora.rdrop.com> To: steve@ns1.cioe.com (Steve Ames) Cc: freebsd-isp@FreeBSD.ORG Subject: Re: sendmail: stop mail forwarding Message-ID: <199705310209.TAA00624@agora.rdrop.com> In-Reply-To: <199705310036.TAA25045@ns1.cioe.com> from "Steve Ames" at May 30, 97 07:36:32 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> What's the Q&D patch to sendmail.cf to stop people from being able to
> forward mail through? Can that be restricted by domain?
This is based on www.sendmail.org's filter, and excerpted from my .mc file:
LOCAL_CONFIG
# database of known spammers
Kspammers hash /etc/spammers
# relays file has key value where "value" == OK, eg:
# racsys.rt.rain.com OK
# slip-d0.rdrop.com OK
# racsys is a system I MX for
# slip-d0 is one of the dialup ports --- allows them to send outgoing mail
# If either sending host or destination is not in relays, it's rejected
Krelays hash /etc/relays
LOCAL_RULESETS
Scheck_rcpt
#
# This ruleset has two parts: first, check recipient, next check sender
# if the recipient didn't pass muster
#
# Check Recipient
#
# This rule checks for %hack addresses, eg user%ahost.domain@myhost.domain
# It either returns "OK" (the matching value in the database) or "CONTINUE"
# meaning the recipient didn't match, try checking the sender
# we can't just return because of the way the database lookups work
R< $+ % $+ @ $=w > $: $(relays $2 $: CONTINUE $)
# normal user@myhost.domain addresses; if match, return OK
R< $+ @ $=w > $@ OK
# user@myrelays.domain addresses ok
R< $+ @ $+ > $: $(relays $2 $: CONTINUE $)
# If one of the database lookups passed, then return OK now
ROK $@ OK
# Check Sender
#
# This kindof a dummy rule that just returns the name of the
# connecting host
R$* $: $(dequote "" $&{client_name} $)
# If they're us, return OK
R$=w $@ OK
# The following rule causes all addresses to pass in address test mode
# otherwise they always fail
R$@ $@ OK
# Look up the sender to see if they're one of our relays
R$* $: $(relays $&{client_name} $: FAIL $)
# If not, they've failed all the tests - bounce them
RFAIL $#error $: "550 Relaying Denied"
# If they haven't failed, they must be OK
R$* $@ OK
#
# This one is pretty much straight out of www.sendmail.org
# it checks to see that the sender is using a valid domain name
# then checks to see if they're a known spammer; I don't actually
# use that yet, as most are one-offs and not worth the effort.
# The domain check gets rid of 99% of the scam stuff, as most of
# the real businesses use real domains.
#
LOCAL_RULESETS
Scheck_mail
# check for valid domain name (incompatible with DeliveryMode=defer)
R$* $: <?> $>3 $1 make domain canonical
R<?> $* < @ $+ . > $: <OK> tag resolved names
R<?> $* < @ $+ > $#error $: 451 Domain must resolve
# check relay against spammers database
R$* $: $(spammers $&{client_name} $: OK $)
ROK $@ OK
R$+ $#error $: 551 $1
--
Alan Batie ______ It's not my fault! It's some guy
batie@agora.rdrop.com \ / named "General Protection"!
+1 503 452-0960 \ / --Ratbert
PGP FP: DE 3C 29 17 C0 49 \/ 7A 27 40 A5 3C 37 4A DA 52 B9
It is my policy to avoid purchase of any products from companies which
use unrequested email advertisements or telephone solicitation.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705310209.TAA00624>