Rroet Apprentice


Joined: 27 May 2002 Posts: 176 Location: The Hague, The Netherlands
|
Posted: Fri Oct 25, 2002 6:08 am Post subject: Howto: Securing Sendmail against open relays. |
|
|
Hi,
I've played around with sendmail a lot the last year, and I want to share the knowledge. These are just a few of the RBL-servers online, if you have more.... please append them. This will help secure the servers more and more against open relay servers.
The following code should be added to your /etc/mail/sendmail.mc and don't forget to hash your sendmail.mc to sendmail.cf like this: m4 sendmail.mc > sendmail.cf:
Code: |
FEATURE(blacklist_recipients)
dnl Each dnsbl line names one blacklist zone and the 550 text returned when the client address is listed
FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from " $&{client_addr} " rejected - see http://www.ordb.org/faq/"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"550 Mail from " $&{client_addr} " rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `relays.osirusoft.com', `"550 Mail from " $&{client_addr} " rejected - see http://relays.osirusoft.com"')dnl
FEATURE(`dnsbl', `proxy.relays.monkeys.com', `"550 Mail from " $&{client_addr} " rejected"')dnl
FEATURE(`delay_checks')dnl
|
You need to add the feature "blacklist_recipients" to be able to pass the sender's server address through the blacklist servers... After that I've added as many "FREE" servers as I could find.
The "FEATURE(`delay_checks')dnl" is a feature which is not specifically needed; all it does is create some extra output in the /etc/mail/mail.log so you can find which server / which e-mail address tried to spam your server. |
|
col l33t


Joined: 08 May 2002 Posts: 820 Location: Melbourne - Australia
|
Posted: Wed Oct 30, 2002 7:14 am Post subject: |
|
|
Very cool ... I have been looking for an anti-spam solution |
|
Xor Tux's lil' helper


Joined: 07 Jul 2002 Posts: 144
|
Posted: Wed Oct 30, 2002 6:05 pm Post subject: |
|
|
These are the ones I use...
relays.ordb.org relays.visi.com dnsbl.njabl.org
They are quite good and quick.... trust me.... I know first hand |
|
col l33t


Joined: 08 May 2002 Posts: 820 Location: Melbourne - Australia
|
Posted: Wed Oct 30, 2002 10:13 pm Post subject: |
|
|
How would you put any exception in? ....like say you need to receive mail from some ISP that has been blacklisted?? |
|
Rroet Apprentice


Joined: 27 May 2002 Posts: 176 Location: The Hague, The Netherlands
|
Posted: Thu Oct 31, 2002 6:40 am Post subject: |
|
|
I don't. My clients know about this and support it. The fight against open relays is harsh and it has to be done.
I think you can fix it though. Check your /etc/mail/access file. You should be able to open relays in here |
|
|
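Blacklist zones like the ones listed in this thread get retired over time, and a zone that starts answering every query makes a `dnsbl` line reject all inbound mail. The following is an added example, not code from any poster: it checks a zone with the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) before the zone goes into sendmail.mc. The function names are hypothetical, and it assumes any A answer counts as a listing.

```python
import ipaddress
import socket

# RFC 5782 test entries for IPv4 DNSBLs.
MUST_LIST = "127.0.0.2"      # a working zone always lists this address
MUST_NOT_LIST = "127.0.0.1"  # a working zone never lists this address


def dnsbl_name(ip, zone):
    """Build the DNS name a blacklist lookup queries: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def system_resolve(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip, zone, resolve=system_resolve):
    """Assumption: any A answer is a hit (the conservative reading)."""
    return resolve(dnsbl_name(ip, zone)) is not None


def zone_health(zone, resolve=system_resolve):
    """Classify a zone before trusting it in a dnsbl line."""
    if is_listed(MUST_NOT_LIST, zone, resolve):
        return "lists-everything"  # would reject all inbound mail
    if not is_listed(MUST_LIST, zone, resolve):
        return "dead"              # lookups would never match anything
    return "ok"


if __name__ == "__main__":
    import sys
    # Usage: python check_dnsbl.py zone1 zone2 ...
    for zone in sys.argv[1:]:
        print(zone, zone_health(zone))
```

Run it from cron against every zone named in sendmail.mc and alert on anything other than "ok".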