Sendmail and spam prevention
The original of this article is located here
A feature in the sendmail.cf configuration file for UnixWare sendmail(1M) may be used to prevent
your machine from being used as an SMTP mail relay. It prevents spammers from making their mail
appear as if it comes from your site. You should turn this feature on in all cases except where
unconditional relay capabilities are needed.
This feature uses the sendmail check_rcpt ruleset to implement a check during the SMTP dialogue.
The RCPT command in SMTP specifies an envelope recipient's address:
RCPT To:
The check_rcpt ruleset uses the following algorithm to determine whether to accept or reject
the incoming mail during the SMTP dialogue:
1. If the recipient address specified by the RCPT command is a local address, accept the message.
2. If the recipient is addressed to the local hostname (or any of its alternate names), the local
   domain, or a sub-domain of the local domain, then accept the message.
3. If the Multihome channel is enabled, and the recipient is addressed to one of the virtual
   hostnames, then accept the message.
4. If the connecting host (sender) is listed in a table of trusted hosts, then accept the message.
5. If the IP address of the connecting host is listed in a table of trusted hosts, then accept the message.
6. Otherwise, reject the message.
If the mail is rejected, sendmail issues the following error message during the SMTP dialogue,
and writes it to the system log file as well:
Relay mail from to denied
By default, this feature is enabled in sendmail.cf, which must be hand-altered to disable it.
To disable the check, set the Check_Rcpt macro to a null value by changing the following line
in sendmail.cf:
D{Check_Rcpt} ON
to the following:
D{Check_Rcpt}
To create a list of trusted hosts from which mail relaying is accepted (as described in steps
4 and 5 of the algorithm above), create a file with pathname /etc/mail/table/trusted, whose
entries are of the form:
hostname accept
ip_address accept
The left-hand side specifies either the hostname or the IP address of the site from which we
will accept mail relays. The right-hand side contains the string accept. A string on the right-hand
side is mandatory for the database to be created correctly. The left and right sides are separated
by the character.
For example, if you wish to accept mail relays from hostname trusted.engr.mycompany.com, add the
following entry to /etc/mail/table/trusted:
trusted.engr.mycompany.com accept
If you want to accept relays from an IP address, an example entry might be:
123.456.789.10 accept
You can also use an asterisk (*) wildcard to match an entire domain or IP address range. For example:
*.domain.com accept
123.456.789.* accept
When specifying wildcards for IP addresses, you must use an asterisk for each portion of the
dotted quad which will be matched. For example, the following is valid syntax:
123.456.*.* accept
However, this is not:
123.456.* accept
The list of trusted hosts is not mandatory. Do not create one if you wish to reject all
attempts to use the local host as a mail relay. However, if your mail configuration includes
IMAP clients which use the local host as a mail server, you will want to add the IMAP clients
to the list of trusted hosts.
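The six-step decision and the trusted-table syntax rules above, modelled in Python as an added example (it is not sendmail's ruleset code and not part of the original article). It assumes whitespace-separated table fields, treats an address with no domain part as local, and uses constructed hostnames and addresses.

```python
# Added example: a model of the six-step check, not sendmail's own code.
def is_ip_pattern(key):
    return all(p == "*" or p.isdigit() for p in key.split("."))

def parse_trusted(text):
    """Split trusted-table text into (host_patterns, ip_patterns)."""
    hosts, ips = [], []
    for line in text.splitlines():
        fields = line.split()  # assumption: the two sides are whitespace-separated
        if not fields:
            continue
        if len(fields) != 2 or fields[1] != "accept":
            raise ValueError(f"right-hand side 'accept' is mandatory: {line!r}")
        key = fields[0].lower()
        if not is_ip_pattern(key):
            hosts.append(key)
        elif len(key.split(".")) == 4:
            ips.append(key)
        else:
            raise ValueError(f"IP wildcard needs all four parts: {line!r}")
    return hosts, ips

def match_host(pattern, host):  # assumption: "*.d.com" matches names ending in ".d.com"
    return host.endswith(pattern[1:]) if pattern.startswith("*.") else host == pattern

def match_ip(pattern, ip):
    pp, vp = pattern.split("."), ip.split(".")
    return len(vp) == 4 and all(p in ("*", v) for p, v in zip(pp, vp))

def check_rcpt(rcpt, client_host, client_ip, cfg):
    """Return (accepted, step), where step is the rule that decided."""
    domain = rcpt.rpartition("@")[2].lower() if "@" in rcpt else ""
    hosts, ips = cfg["trusted"]
    if not domain:  # assumption: an address with no domain part is local
        return True, 1
    if domain in cfg["local_names"] or ("." + domain).endswith("." + cfg["local_domain"]):
        return True, 2  # local hostname, local domain, or a sub-domain of it
    if cfg["multihome"] and domain in cfg["virtual_hosts"]:
        return True, 3
    if any(match_host(p, client_host.lower()) for p in hosts):
        return True, 4
    if any(match_ip(p, client_ip) for p in ips):
        return True, 5
    return False, 6

# Constructed sample configuration and trusted table.
CFG = {"local_names": {"mail.mycompany.com"}, "local_domain": "mycompany.com",
       "multihome": True, "virtual_hosts": {"shop.example.org"},
       "trusted": parse_trusted("trusted.engr.mycompany.com accept\n192.0.2.* accept\n")}
```

Steps 4 and 5 look only at the connecting host, so every trusted entry lets that host relay to any destination; keep the table as narrow as the clients that need it.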
After you have created the file /etc/mail/table/trusted, you must create its associated
database by executing the following command:
/etc/mail/makemap hash /etc/mail/table/trusted < /etc/mail/table/trusted
As a final step, stop and restart the sendmail daemon to load all of the configuration
changes by executing the following commands:
/etc/mail/sendmailrc stop
/etc/mail/sendmailrc start