This file contains a few explanations for several "HACK"s for sendmail 8.8
to reject e-mails from spammers and to prevent the abuse of your machine
as a mail relay.

A general explanation can be found at: and related WWW pages.

1997-12-30
This file explains only those rulesets which are under active maintenance.
Explanations for older HACKs can be found in README.old.check

========================================

The HACKs are:

check_mail3.m4
check_rcpt4.m4
check_relay3.m4
use_ip.m4
use_names.m4
use_relayto.m4

========================================

and are used as follows:

1) check_mail3 (uses unified database with check_relay3 for matching):
   HACK(check_mail3)

2) check_rcpt4:
   HACK(use_ip)
   HACK(use_names)
   HACK(use_relayto)
   HACK(check_rcpt4)
   The first three may have a parameter to define the name of the file
   to be used.

3) check_relay, check_relay3
   These work only if you have a patch (see above URL) or at least 8.8.6
   HACK(check_relay)
   or
   HACK(check_relay3)

=====================================================================

Some more explanations:

1997-12-22: the list of options will no longer be maintained here but at:

1) If you want to use check_mail3, do the following:

Put
   HACK(check_mail3)
[This has also an optional argument, the default is given below.]
in your .mc file.

Put addresses of well-known spammers (e-mail addresses, domains)
in the appropriate database [default]:
   junk [dbm -a@JUNK /etc/mail/junk]
(if you use another database format or another file, make sure you
specify the option -a@JUNK !)

The format is:
   junk.domain              "Error-Code Error-Text"
   spammer@address.domain   "Error-Code Error-Text"
   junk.domain              JUNK
   spammer@address.domain   SPAMMER

Create the database (man makemap) in the chosen format.
If the RHS is JUNK or SPAMMER, a default error text is used.

Example:
   cyberpromo.com       "571 Sorry, Spamford, no e-mail from your place."
   honey@sweeties.com   "571 Honey, you're a spammer, go away."
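
Added example (not part of the original HACKs or their author's code): a shell function that checks a makemap source file against the entry formats listed above, plus the IP-number keys that check_relay3 keeps in the same database (section 3b below). The name lint_junk, the sample entries other than the two taken from the README, and the skipping of "#" lines are assumptions.

```shell
#!/bin/sh
# lint_junk [FILE]: check a makemap source file (or stdin) against the entry
# formats this README gives for the unified junk database.  Prints one line
# per problem and returns 1 if any were found.  Hypothetical helper name.
lint_junk() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    /^[ \t]*$/ || /^[ \t]*#/ { next }   # assumption: blank and "#" lines skipped
    {
        key = $1
        rhs = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", rhs)    # text after the key
        sub(/[ \t]+$/, "", rhs)
        k = tolower(key)          # makemap folds keys to lower case unless -f
        if (k in seen) bad("duplicate key, first seen on line " seen[k])
        else seen[k] = NR
        if (key ~ /^[0-9]+(\.[0-9]+)*$/) {      # A, B.X, C.X.Y or D.X.Y.Z
            n = split(key, oct, ".")
            if (n > 4) bad("IP key has more than four octets")
            for (i = 1; i <= n; i++)
                if (oct[i] + 0 > 255) bad("octet out of range in " key)
            if (rhs != "JUNK" && rhs !~ /^"[^"]+"$/)
                bad("IP key needs JUNK or a quoted error text")
        } else {
            if (key !~ /^([^@ \t]+@)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$/)
                bad("key is not a domain or user@domain")
            if (rhs != "JUNK" && rhs != "SPAMMER" &&
                rhs !~ /^"[0-9][0-9][0-9] [^"]+"$/)
                bad("RHS must be JUNK, SPAMMER or a quoted \"code text\"")
        }
    }
    END { exit (errs > 0) }' "$@"
}

# Constructed sample: the first two entries are the README's example,
# the remaining five are invented for this demonstration.
demo_junk() {
    cat <<'EOF'
cyberpromo.com       "571 Sorry, Spamford, no e-mail from your place."
honey@sweeties.com   "571 Honey, you're a spammer, go away."
junk.example         JUNK
192.0.2              "No mail from this network."
10.300               JUNK
spammer@bad.example  go away
Junk.Example         SPAMMER
EOF
}
demo_junk | lint_junk || true
```

Run it on the text file before each makemap rebuild; a non-zero return means at least one entry does not match the documented formats.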

PS
1) You can activate the reverse IP lookup and the validity check of the
   FROM address by
      define(`_IP_LOOKUP_',1)dnl
      define(`_DNSVALID_',1)dnl
   respectively.
      define(`_DNSRELAY_',1)dnl
   enables the validity check of client_name, i.e., whether it resolved
   to a hostname, or whether it is an IP address (in square brackets,
   e.g., [127.2.3.4])

2) check_mail2 and check_mail3 have a "backdoor" to accept some addresses
   without checking them. This can be activated with:
      define(`_ACCEPT_SOME_',`1')
   Default for the database is:
      dbm -o -a@ACCEPT /etc/mail/accept
   Other values can be given as argument, e.g.,
      define(`_ACCEPT_SOME_',`hash -a@ACCEPT /etc/AcceptIt')
   Entries must have the form:
      user@address   whatever
      domain         whatever

   Note: The address must be given during the SMTP dialog in brackets: ,
   so if you test the rules: don't forget the < > !

3) Each check_mail version can now make use of Paul Vixie's RBL.
   See http://maps.vix.com/rbl/
   It can be enabled with:
      define(`_MAPS_RBL_',`1')

1997-11-02
There is a hook for map-regex by Jan Krueger which you can download from
Enable it with:
   HACK(checkregex)
For further information see above URL.

1997-11-10
   define(`_CHECK_TOPLEVEL_',`1')
allows also the specification of top level domains as spammers/junk.
Default is to check only up to the second level.

1997-12-12
   define(`_CHECK_LOCALUSER_')
activates the check whether a local address appears in passwd or aliases.

2) If you want to use check_rcpt, do the following:

Decide whether you want to use the check for local machines by IP number
(use_ip) or by name (use_names).
Next, decide whether you want also allow relay to several machines in
addition to those you accept as local (class w).
Depending on your selection, put some of the first three HACKs into your
.mc file, and always use the last one.
   HACK(use_ip)
   HACK(use_names)
   HACK(use_relayto)
All take an optional argument (the file to use). The default filenames
are listed below.
   HACK(check_rcpt4)

Put the appropriate values in the files:
   use_ip       [/etc/mail/LocalIP]
   use_names    [/etc/mail/LocalNames]
   use_relayto  [/etc/mail/RelayTo]

1997-03-16: check_rcpt4 can now make use of use_ip and use_names.
It replaces check_rcpt3, which is still available if there is a problem
with the new version.

1997-11-19: There are two new defines for check_rcpt4:
   define(`_SPAM_FRIENDS_')
   define(`_CHECK_MAIL_IN_RCPT_')
_CHECK_MAIL_IN_RCPT_ defines Scheckmail instead of Scheck_mail
in all supplied check_mail*.m4 versions and calls checkmail after
check_rcpt.
_CHECK_RELAY_IN_RCPT_ (1997-12-13) does the same for check_relay.
_SPAM_FRIENDS_ allows you to use a file (default: /etc/mail/SpamFriends,
or as defined) to specify (local) accounts which should get mail
regardless of any checks (this makes only sense if you don't have
check_relay and check_mail or you use _CHECK_MAIL_IN_RCPT_!)

1997-12-13:
   define(`_MAP_SPAM_FRIENDS_')
may be used instead of the plain text files for _SPAM_FRIENDS_.
Default value for the map is:
   dbm -a@SPAMFRIEND /etc/mail/spam_friends
Another may be used as parameter for the define (don't forget
-a@SPAMFRIEND). The RHS of the map is ignored.

1997-11-28: check_rcpt4 now tests for these defines:
   _CLASS_U_, _CLASS_V_, _CLASS_W_, _CLASS_X_, _CLASS_Y_
to enable rules for connected UUCP sites in remove_local
(You have to have the HACK(check_rcpt4) after MAILER(UUCP)).
See: and send me some feedback.

1997-12-06: check_rcpt4 may use a map instead of a class for RelayTo:
   define(`_RELAYTO_MAP_', `dbm -a@RELAYTO /etc/mail/relayto')
The optional argument defines a map of hosts (domains) which
may receive mail relayed through your system:
You can't use this in combination with HACK(use_relayto) or the
UUCP additions (not yet).

1997-12-13: A `backdoor' can be activated by
   define(`_ALLOW_SOME_')
Then relaying is also allowed based on the envelope from address
(given in MAIL FROM:).
The define may have an argument, the default is:
   dbm -a@ALLOWED /etc/mail/allow
It uses a map (allow) to give the domains and addresses which may use
your mail server as a relay. The format is simple
   user@address.domain   allow
   another.domain        allow
(if you use another database format or another file, make sure you
specify the option -a@ALLOWED !)

3a) If you want to use check_relay, do the following:

Put
   HACK(check_relay)
[This has also an optional argument, the default is given below.]
in your .mc file.

Put the IP numbers of well-known spammers in the appropriate database
[default]:
   junk [dbm /etc/mail/junk]

The format is:
   D.X.Y.Z   IP
   C.X.Y     IP
   B.X       IP
   A         IP
(full addresses, class C, B, or A nets)

Create the database (man makemap) in the chosen format.

3b) If you want to use check_relay3, do the following:

Put
   HACK(check_relay3)
[This has also an optional argument, the default is given below.]
in your .mc file.

Put the IP numbers of well-known spammers in the appropriate database
[default]:
   junk [dbm -a@JUNK /etc/mail/junk]
(if you use another database format or another file, make sure you
specify the option -a@JUNK !)

The format is:
   D.X.Y.Z   "Error text"
   C.X.Y     "Error text"
   B.X       "Error text"
   A         "Error text"
(full addresses, class C, B, or A nets)

Create the database (man makemap) in the chosen format.
If the RHS is JUNK, a default error text is used.
This is the same database as used for check_mail3, just with the
addition of IP numbers.

----------------------------------------

General options:

_CHECK_MAP_TYPE_   define the map type (default dbm) for all maps used.

========================================

Conclusion:

Make sure you understand what you do and you test this stuff before you
use it on a production machine!
See: for a debugging guide.

I don't guarantee for anything!

If you have any suggestions, comments, enhancements, please let me know.

Claus Assmann

Last update: 1997-12-30