From 76e2a878114e7b6390c0effc00d8798995e477d5 Mon Sep 17 00:00:00 2001 From: jmb Date: Sun, 19 Oct 1997 16:40:10 +0000 Subject: anti-spam filter used by the FreeBSD mailing lists. --- etc/mail/Makefile | 29 +++++++++++++++++++ etc/mail/README | 65 ++++++++++++++++++++++++++++++++++++++++++ etc/mail/sendmail.cf.additions | 40 ++++++++++++++++++++++++++ 3 files changed, 134 insertions(+) create mode 100644 etc/mail/Makefile create mode 100644 etc/mail/README create mode 100644 etc/mail/sendmail.cf.additions (limited to 'etc/mail')
diff --git a/etc/mail/Makefile b/etc/mail/Makefile
new file mode 100644
index 0000000..bc5a65e
--- /dev/null
+++ b/etc/mail/Makefile
@@ -0,0 +1,29 @@
+default:
+.if exists(/etc/mail/ips.txt)
+ mv -f /etc/mail/ips.txt /etc/mail/ips.txt.0
+.endif
+ fetch ftp://ftp.gulf.net/pub/docs/ips.txt
+ cat /etc/mail/ips.txt | cut -d ' ' -f 1 | \
+ sed -e 's/$$/ #blocked. contact postmaster/' > \
+ /etc/mail/ips.new
+ mv /etc/mail/ips.new /etc/mail/ips.txt
+.if exists(/etc/mail/domains.txt)
+ mv -f /etc/mail/domains.txt /etc/mail/domains.txt.0
+.endif
+ fetch ftp://ftp.gulf.net/pub/docs/domains.txt
+ cat /etc/mail/domains.txt | cut -d ' ' -f 1 | \
+ sed -e 's/$$/ #blocked. contact postmaster/' > \
+ /etc/mail/domains.new
+ mv /etc/mail/domains.new /etc/mail/domains.txt
+
+install:
+ makemap hash /etc/mail/spamsites < /etc/mail/domains.txt
+.if exists(/etc/mail/spamsites.local)
+ makemap -o hash /etc/mail/spamsites < /etc/mail/spamsites.local
+.endif
+ makemap hash /etc/mail/denyip < /etc/mail/ips.txt
+.if exists(/etc/mail/denyip.local)
+ makemap -o hash /etc/mail/denyip < /etc/mail/denyip.local
+.endif
+
+all: default install
diff --git a/etc/mail/README b/etc/mail/README
new file mode 100644
index 0000000..f65b7ee
--- /dev/null
+++ b/etc/mail/README
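Review bot: The `default` target moves /etc/mail/ips.txt to ips.txt.0 before the download and then turns whatever `fetch` returns from anonymous FTP into the new ips.txt that `make install` feeds to makemap, so a failed, truncated or altered transfer replaces the block-list source without any check; the domains.txt lines have the same shape. Download to a scratch name and rotate only after it passes a sanity test, e.g. `fetch -o /etc/mail/ips.fetch ftp://ftp.gulf.net/pub/docs/ips.txt` followed by `test -s /etc/mail/ips.fetch`, and compare against the previous copy before running `make install`. `fetch` also writes into the current directory while every other line uses absolute /etc/mail paths, so the recipe only works when run from /etc/mail; a comment saying so, or the `-o` form above, would remove that dependency.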
@@ -0,0 +1,65 @@
+ Filtering out SPAM from your site
+
+Introduction:
+ The FreeBSD Project filters spam, unsolicited commerical
+e-mail, from its mailing lists. The filter has two parts: databases
+and rulesets. We have added three rulesets to /etc/sendmail.cf,
+check_relay and check_mail and xlat. (xlat is for testing only, as
+explained in /etc/mail/sendmail.cf.additions.) These rulesets use
+two databases. The denyip, a list of IP addresses, and spamsites,
+a list of domains. We do not accept mail from any machine that
+matches a entry in either database.
+
+Filtering at your site:
+ To filter spam at your site you need to:
+ 1. modify your /etc/sendmail.cf,
+ 2. retrieve the database source files from the master site,
+ 3. make the databases and
+ 4. finally signal sendmail that the configuration file has changed.
+
+1. Modifying your /etc/sendmail.cf
+ Add the database declarations and the rulesets contained
+in /etc/mail/sendmail.cf.additions to your .mc file. If you do
+not use m4 to generate your /etc/sendmail.cf, add the database
+declarations to your /etc/sendmail.cf.
+
+2. Fetching the database source files:
+ The database source files are available from Gulf Coast
+Internet via anonymous FTP. The Makefile in /etc/mail will retreive
+the source files for you: as root, type "cd /etc/mail; make" at
+the command line. The previous version of the database source
+files is moved to .0. Local additions should be kept in
+separate files. We use spamsites.local and denyip.local. You may
+want to diff the new versions of the files against the previous
+versions to see what has changed.
+
+3. Make the databases:
+ As root, type "cd /etc/mail; make install" will build the
+two databases from the retrieved source files and the local additions
+files.
+
+4. Signaling sendmail:
+ Sendmail will reread its configuration whenever sendmail
+receives a HUP signal. As root, type "kill -HUP `cat
+/var/run/sendmail.pid`".
Check sendmail's log file to be sure that
+it has restarted. /var/log/maillog should contain the line: "Oct
+15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
+signal". Most likely, the date, time, hostname and process id will
+be differ.
+
+Testing the spam filter:
+
+How can I tell if its working:
+ The mail log file, /var/log/maillog, will contain a line
+for every message filtered. The lines will be similar to one of
+these two log entries:
+
+Check_mail rejects:
+"Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
+arg1=, relay=xxx.isp.net [###.###.###.###],
+reject=521 "
+
+Check_relay rejects:
+Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
+arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
+reject=521 blocked.contact postmaster@FreeBSD.ORG
diff --git a/etc/mail/sendmail.cf.additions b/etc/mail/sendmail.cf.additions
new file mode 100644
index 0000000..f7a95ea
--- /dev/null
+++ b/etc/mail/sendmail.cf.additions
@@ -0,0 +1,40 @@
+# database declarations
+Kdenyip hash -o -a.REJECT /etc/mail/denyip.db
+Kspamsites hash -o -a.REJECT /etc/mail/spamsites.db
+
+# called with host.tld and IP address of connecting host.
+# ip address must NOT be in the "denyip" database
+Scheck_relay
+R$* $| [$+ $1 $| $2 should not be needed
+R$* $| $+] $1 $| $2 same (bat 2nd ed p510)
+R$* $| $* $: $1 $| $(denyip $2 $)
+R$* $| $*.REJECT $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($2)
+# host must *not* be in the "spamsites" database
+R$+.$+.$+ $| $* $2.$3 $| $4
+R$+.$+ $| $* $: $(spamsites $1.$2 $) $| $3
+R$*.REJECT $| $* $#error $: 521 blocked. contact postmaster@FreeBSD.ORG ($1)
+# Host must be resolvable, currently not used at hub.freebsd.org
+#R$* $| $* $: <$1 $| $2> $>3 foo@$1
+#R <$*> $*<@$*.> $: $1
+#R <$*> $*<@$*> $#error $: 451 Domain does not resolve ($1)
+
+# called with envelope sender, "Mail
From: xxx", of SMTP conversation
+#
+Scheck_mail
+R$* $: $>3 $1
+R $* < @ $+ . > $: $2
+# R $* < @ $+ > $#error $: "451 Domain does not resolve"
+R $* < @ $+ > $: $2
+R$+.$+.$+ $2.$3
+R$* $: $(spamsites $1 $: OK $)
+ROK $@ OK
+R$+.REJECT $#error $: 521 $1
+
+# for testing check_relay and check_mail
+# if we type "$|", sendmail will split this into two tokens "$" and "|"
+# this rule glues prevent sendmail from splitting "$|"
+# to use: /usr/sbin/sendmail -bt
+# host.domain.tld $| 111.222.333.444
+Sxlat
+R$* $$| $* $: $1 $| $2
+R$* $| $* $@ $>check_relay $1 $| $2
-- cgit v1.1
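Review bot: In both Scheck_relay and Scheck_mail the `R$+.$+.$+` rule appears to rewrite the host to `$2.$3` repeatedly until only two labels remain (the tab between LHS and RHS is lost in this rendering, so the split point is inferred), which means the spamsites lookup only ever sees `domain.tld`. A key in domains.txt or spamsites.local with three or more labels can then never match, and every host under a two-level suffix is looked up under that suffix alone. A comment above each rule should state the constraint, e.g. `# only the last two labels are looked up; spamsites keys must be domain.tld`. The two check_relay error lines also hard-code `postmaster@FreeBSD.ORG`, which is the wrong contact for any other site that follows the README; a comment marking the address as site-specific would help.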