New check_* rulesets/patches for sendmail 8.9

Last Update 2003-02-22

Introduction

sendmail 8.8 introduced several new rulesets to check who can use your machine to send/relay e-mail and to avoid UBE from well-known sites. There are standard rulesets in sendmail 8.9 to this effect (see the release notes).

New Rulesets

There is a beta version (last update: 1998-08-01) (and an alpha version, last update: 1999-07-25) of a HACK for the header checks which may give you an impression of the possibilities and problems. It provides several simple rules and options for header checks. See also Jan Krüger's proposals.

There is also a beta version (last update: 1998-08-07) (and an alpha version, last update: 1998-11-17) of check_rcpt which provides the options that are currently missing in sendmail 8.9, especially _ALLOW_SOME_ and _POPAUTH_. This ruleset also requires junk.m4 from the old HACKs. The alpha version has a new option called _RELAY_ACCESS_FROM_ which uses the access map instead, i.e., junk.m4 and _ALLOW_SOME_ are no longer required. So it can be used as:

define(`_RELAY_ACCESS_FROM_')
HACK(chk-rcpt)
in a .mc file.

POP-before-SMTP

Since there are several broken rulesets available which cause the volunteers at sendmail.org additional work, here is a ruleset for sendmail 8.9 which is very simple:
HACK(`popauth')

Multiple DNS Blacklists

Since there are now multiple blacklists based on DNS, of which RBL was the first, I wrote a patch (alpha version, last update: 1999-02-20) to allow for arbitrarily many blacklists (some people have problems with the patch, so a tar.gz file with all changed files is available, too). Just put
FEATURE(rbl,`DNSLookupHost',`Error Message')
into the .mc file; the second argument is optional, it defaults to:
"Mail from " $&{client_addr} " refused by blackhole site DNSLookupHost"
Example:
FEATURE(rbl,`rbl.maps.vix.com',` Mail from $&{client_addr} rejected; see http://mail-abuse.org/rbl/')
FEATURE(rbl,`relays.orbs.org',` open relay $&{client_addr}; see: http://www.orbs.org')
FEATURE(rbl,`dul.maps.vix.com')
The patch file should be applied from the cf/ directory of your sendmail 8.9.3 distribution. It contains patches for feature/rbl.m4, m4/cfhead.m4 and m4/proto.m4. Note: make sure you quote the arguments (with ` and ') as shown in the example.
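
To see which of several configured lists would reject a given client and with what text, the following sketch mirrors the behaviour described above; it is an added example, not code from the patch or from sendmail. It assumes the usual DNS blacklist convention (the client's IPv4 octets reversed and prepended to the list's zone, a successful lookup meaning "listed") and that lists are consulted in the order they are declared; the function names and the stub resolver data are hypothetical.

```python
import ipaddress
import socket

# Default text as given on the page, with DNSLookupHost standing for the zone.
DEFAULT_MSG = "Mail from $&{client_addr} refused by blackhole site DNSLookupHost"

# (zone, message) pairs from the page's example; None means "use the default".
BLACKLISTS = [
    ("rbl.maps.vix.com", "Mail from $&{client_addr} rejected; see http://mail-abuse.org/rbl/"),
    ("relays.orbs.org", "open relay $&{client_addr}; see: http://www.orbs.org"),
    ("dul.maps.vix.com", None),
]

def query_name(client_addr, zone):
    """Build the DNS name to look up: reversed IPv4 octets + blacklist zone."""
    octets = str(ipaddress.IPv4Address(client_addr)).split(".")  # rejects non-IPv4
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."

def system_resolver(name):
    """True if the name resolves. Any lookup failure counts as 'not listed' here."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_client(client_addr, blacklists=BLACKLISTS, resolves=system_resolver):
    """Return (zone, rejection text) for the first list naming the client, else None."""
    for zone, message in blacklists:
        if resolves(query_name(client_addr, zone)):
            text = (message or DEFAULT_MSG).replace("DNSLookupHost", zone)
            return zone, text.replace("$&{client_addr}", client_addr)
    return None

# Constructed sample data: names a stub resolver treats as listed (no network).
SAMPLE_LISTED = {"10.2.0.192.relays.orbs.org.", "99.2.0.192.dul.maps.vix.com."}

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.99", "192.0.2.1"):
        print(addr, "->", check_client(addr, resolves=SAMPLE_LISTED.__contains__))
```

Passing a stub as `resolves` keeps the check offline; leaving the default performs real DNS lookups against the configured zones.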

sendmail 8.10 provides this as FEATURE(`dnsbl'), see cf/README.


Copyright © Claus Aßmann Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.