Re: sendmail/smail with relaying blocks?

To: Thomas König <Thomas.Koenig@ciw.uni-karlsruhe.de>
Cc: debian-devel@lists.debian.org
Subject: Re: sendmail/smail with relaying blocks?
From: Craig Sanders <cas@taz.net.au>
Date: Sat, 10 May 1997 13:09:39 +1000 (EST)
Message-id: <[🔎] Pine.LNX.3.96.970510124953.7810P-100000@siva.taz.net.au>
In-reply-to: <199705091549.RAA09990@mvmap66.ciw.uni-karlsruhe.de>

On Fri, 9 May 1997, Thomas Koenig wrote:

> ># block out some junkmailing scumbags
> >JUNKMAIL="208.9.64.0/24 208.9.65.0/24 207.14.212.0/24 208.1.117.0/24
> >          205.199.212.0/24 205.199.2.0/24"
> >
> >for i in $JUNKMAIL ; do
> >    /sbin/ipfwadm -I -a reject -P tcp -S $i
> >done
> 
> This sounds useful; I use something like that myself.
> 
> If that's made configurable, with an empty start file, I think this
> could easily be made part of a standard package, e.g:
> 
> for i in $(cat /etc/blocked_networks) ; do
>     /sbin/ipfwadm -I -a reject -P tcp -S $i
> done
> 
> If we distribute this with an empty config file, nobody could sue us
> for it.

The latest check_relay rule does this.  here's what the notes say:

    check_relay

    check_relay gets the host name and host address of the client
    separated by $| as parameters. This can be used as a substitute for
    TCPWRAPPERS . You can enable the code for TCPWRAPPERS by compiling
    sendmail with -DTCPWRAPPERS=1 . A small example is:

    F{DeniedIP} /etc/mail/DeniedIP
    F{DeniedNames} /etc/mail/DeniedNames

    where these files contain a list of IP addresses and hostnames which
    are not allowed to access your mailserver.

    Scheck_relay
    R$+ $| $={DeniedIP}$*           $#error $@ 5.7.1 $: "no access from your IP address"
    R$*$={DeniedNames} $| $*        $#error $@ 5.7.1 $: "no access from your host"

    (note the trailing/leading $* to match with incompletely specified
    IP addresses/names).

    Access will be refused with the error message: 

    550 Access denied

    and the error string will be logged. 

> > i sent a copy of the sendmail 8.8 anti-spam hacks (and some notes on
> > how to set it up) to the sendmail author a few months ago. 

i made a mistake above.  i said 'sendmail author', i meant 'debian package
maintainer' :-)

> > It hasn't been incorporated into the sendmail package yet - maybe i
> > should make a 'sendmail-antispam' package...
>
> Yep, good idea.

i've started on it already. Debian should be as spam-resistant as
possible.

> >2. do we (debian) distribute a 'Spammers' and 'SpamDomains' file with the
> >   package?  what are the legal ramifications of doing that?
> >
> >3. do we include a sample firewall rule file like the one above?  again,
> >   what are the legal ramifications?
> 
> I think it would be best to leave the relevant configuration files
> empty.  The rest is a local decisision.

yep.

craig

--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Prev by Date: Re: sendmail/smail with relaying blocks?
Next by Date: berolist.deb
Previous by thread: Re: sendmail/smail with relaying blocks?
Next by thread: XFree86 installation problems...
Index(es):
- Date
- Thread