
Re: sendmail/smail with relaying blocks?



On Thu, 8 May 1997, Mark Baker wrote:

> In article <199705081601.SAA00338@mvmap66.ciw.uni-karlsruhe.de>,
> 	Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de> writes:
> 
> > Do you think it would be wise to harden the Debian MTAs against mail
> > relaying by default?  This could seriously hinder spammers.
> 
> I believe the configuration file for exim as released by Philip does
> have mail relaying turned off by default, certainly the documentation
> recommends you turn it off. 
> 
> I don't know what's in Tim's debian package though, as I was already
> running exim when I upgraded to debian and used my old configuration
> file. 
> 
> I think you'll find most small time spammers just use their own ISP's
> mail host anyway, until they lose their accounts; the big ones get a
> leased line from AGIS :(

a lot of them use other hosts as relays. they do this because a)
somebody else pays for the bandwidth, and b) many people configure their
firewalls to block packets from known spamming sites. e.g.

# block out some junkmailing scumbags
JUNKMAIL="208.9.64.0/24 208.9.65.0/24 207.14.212.0/24 208.1.117.0/24
          205.199.212.0/24 205.199.2.0/24"

for i in $JUNKMAIL ; do
    /sbin/ipfwadm -I -a reject -P tcp -S $i
done

(do a whois on the network addresses to find out who this blocks - this
little code fragment blocks out at least 70% of my junkmail. it used
to block about 90% but i made the mistake of posting to a newsgroup
recently with my real email address)

i sent a copy of the sendmail 8.8 anti-spam hacks (and some notes on how to
set it up) to the sendmail author a few months ago.  It hasn't been
incorporated into the sendmail package yet - maybe i should make a
'sendmail-antispam' package...  

unfortunately, it's a bit hard to come up with a generic automated
installation.  the main issues involved are:

1. you can't just turn off all relaying, you have to know:

   - who to relay for  (IP addresses/domain names)
   - who to relay to   (IP addresses/domain names)

   the least dangerous way would be to just install the rules into
   /usr/lib/sendmail.cf/hacks, insert some commented out code into
   /etc/mail/sendmail.mc and document how to enable it.

   however, that means leaving relaying ON by default.

   maybe some script which used the system's hostname, domain name, and
   network address to generate RelayTo, LocalIP, and LocalNames files??

   As far as i can tell, if you block relaying by IP address, you have
   to list every individual IP address in the LocalIP file. You can't
   just specify a network address and a netmask (e.g. 192.168.1.0/24)

2. do we (debian) distribute a 'Spammers' and 'SpamDomains' file with the
   package?  what are the legal ramifications of doing that?

3. do we include a sample firewall rule file like the one above?  again,
   what are the legal ramifications?

4. for items 2 & 3, who maintains the lists?  how can you trust that they
   won't accidentally or maliciously block mail from a non-spamming site?


ideally, this should be part of the sendmail package but in lieu of that,
i'm willing to make a debian package....however, i would like some
discussion of these issues before i start.

craig

--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.
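
Added example (not part of the original message, and not the sendmail anti-spam rules it refers to): one way to build the per-address list that item 1 says a LocalIP file needs, by expanding blocks such as 192.168.1.0/24 into individual addresses. The one-address-per-line format, the function names and the MIN_PREFIX size cap are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: expand CIDR blocks into one address per line for a
# LocalIP-style file. One-entry-per-line format is an assumption.
MIN_PREFIX=16   # refuse blocks larger than a /16 (65536 entries)

# Dotted quad -> 32-bit integer. Fails on malformed or leading-zero octets.
ip_to_int() {
    case $1 in *.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print every address in a block such as 192.168.1.0/24 (bare IP = /32).
expand_cidr() {
    net=${1%/*}; len=${1#*/}
    case $1 in */*) ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    base=$(ip_to_int "$net") || return 1
    count=$(( 1 << (32 - len) ))
    base=$(( base & ~(count - 1) ))      # clear any host bits
    n=0
    while [ "$n" -lt "$count" ]; do
        int_to_ip $(( base + n ))
        n=$(( n + 1 ))
    done
}

# Expand all blocks given as arguments, de-duplicated and numerically sorted.
gen_localip() {
    for block in "$@"; do
        expand_cidr "$block" || echo "skipping bad block: $block" >&2
    done | sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample input: the /24 used as the example in the message.
gen_localip 192.168.1.0/24 | wc -l
```

Blocks that fail validation are reported on stderr and contribute nothing to the list, so a typo cannot silently widen who the host relays for.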

