New check_* rulesets/patches for sendmail 8.9
Last Update 2003-02-22
Introduction
sendmail 8.8
introduced several
new rulesets
to check who can use your machine
to send/relay
e-mail and to avoid
UBE
from well known sites.
There are
standard rulesets
in
sendmail 8.9
to this effect
(see the release notes).
There is a
beta version
(last update: 1998-08-01)
(and an alpha version,
last update: 1999-07-25)
of a HACK for the
header checks
which may give you an impression of the possibilities and problems.
It provides
several simple rules and options
for header checks.
See also
Jan Krüger's
proposals.
There
is also a
beta version (last update: 1998-08-07)
(and an alpha version, last update: 1998-11-17)
of
check_rcpt
which provides those options that are currently missing in sendmail 8.9, esp.
_ALLOW_SOME_
and
_POPAUTH_.
This ruleset requires also
junk.m4
from the old
HACKs.
The alpha version
has a
new option
called
_RELAY_ACCESS_FROM_
which uses the
access map
instead, i.e.,
junk.m4
and
_ALLOW_SOME_
are no longer required.
So it can be used as:
define(`_RELAY_ACCESS_FROM_')
HACK(chk-rcpt)
in a
.mc
file.
Since there are several broken rulesets available which
cause the volunteers at
sendmail.org
additional work,
here is a ruleset for
sendmail 8.9 which is very simple:
HACK(`popauth')
Since there are now
multiple blacklists based on DNS,
of which
RBL
was the first,
I wrote
a patch (alpha version, last update: 1999-02-20))
to allow for arbitrary many blacklists
(some people have problems with the patch, so a
tar.gz file
with all changed files is available, too.)
Just put
FEATURE(rbl,`DNSLookupHost',`Error Message')
into the
.mc
file;
the second argument is optional,
it defaults to:
"Mail from " $&{client_addr} " refused by blackhole site DNSLookupHost"
Example:
FEATURE(rbl,`rbl.maps.vix.com',` Mail from $&{client_addr} rejected; see http://mail-abuse.org/rbl/')
FEATURE(rbl,`relays.orbs.org',` open relay $&{client_addr}; see: http://www.orbs.org')
FEATURE(rbl,`dul.maps.vix.com')
The patch file should be applied from
the cf/
directory of your
sendmail 8.9.3
distribution.
It contains patches for
feature/rbl.m4
,
m4/cfhead.m4
and
m4/proto.m4
.
Note:
make sure you quote the arguments (with ` and ') as shown in the example.
sendmail 8.10
provides this as
FEATURE(`dnsbl')
,
see
cf/README.
[(links)]
[Hints]
[Avoiding UBE]
[cf/README]
[New]
Copyright ©
Claus Aßmann
Please send comments to:
<ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated
or incomplete.
Please
contact me
if you find an error.