Re: sendmail/smail with relaying blocks?
On Fri, 9 May 1997, Thomas Koenig wrote:
> ># block out some junkmailing scumbags
> >JUNKMAIL="208.9.64.0/24 208.9.65.0/24 207.14.212.0/24 208.1.117.0/24
> > 205.199.212.0/24 205.199.2.0/24"
> >
> >for i in $JUNKMAIL ; do
> > /sbin/ipfwadm -I -a reject -P tcp -S $i
> >done
>
> This sounds useful; I use something like that myself.
>
> If that's made configurable, with an empty start file, I think this
> could easily be made part of a standard package, e.g:
>
> for i in $(cat /etc/blocked_networks) ; do
> /sbin/ipfwadm -I -a reject -P tcp -S $i
> done
>
> If we distribute this with an empty config file, nobody could sue us
> for it.
The latest check_relay rule does this. here's what the notes say:
check_relay
check_relay gets the host name and host address of the client
separated by $| as parameters. This can be used as a substitute for
TCPWRAPPERS . You can enable the code for TCPWRAPPERS by compiling
sendmail with -DTCPWRAPPERS=1 . A small example is:
F{DeniedIP} /etc/mail/DeniedIP
F{DeniedNames} /etc/mail/DeniedNames
where these files contain a list of IP addresses and hostnames which
are not allowed to access your mailserver.
Scheck_relay
R$+ $| $={DeniedIP}$* $#error $@ 5.7.1 $: "no access from your IP address"
R$*$={DeniedNames} $| $* $#error $@ 5.7.1 $: "no access from your host"
(note the trailing/leading $* to match with incompletely specified
IP addresses/names).
Access will be refused with the error message:
550 Access denied
and the error string will be logged.
> > i sent a copy of the sendmail 8.8 anti-spam hacks (and some notes on
> > how to set it up) to the sendmail author a few months ago.
i made a mistake above. i said 'sendmail author', i meant 'debian package
maintainer' :-)
> > It hasn't been incorporated into the sendmail package yet - maybe i
> > should make a 'sendmail-antispam' package...
>
> Yep, good idea.
i've started on it already. Debian should be as spam-resistant as
possible.
> >2. do we (debian) distribute a 'Spammers' and 'SpamDomains' file with the
> > package? what are the legal ramifications of doing that?
> >
> >3. do we include a sample firewall rule file like the one above? again,
> > what are the legal ramifications?
>
> I think it would be best to leave the relevant configuration files
> empty. The rest is a local decisision.
yep.
craig
--
craig sanders
networking consultant Available for casual or contract
temporary autonomous zone system administration tasks.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: