# $Id:$

    Filtering out SPAM from your site

Introduction:
    The FreeBSD Project filters spam, unsolicited commercial
e-mail, from its mailing lists. The filter has two parts: databases
and rulesets. We have rulesets in /etc/sendmail.cf: check_rcpt,
check_relay, check_rbl, check_mail and xlat. (xlat is for testing
only, as explained in /etc/mail/sendmail.cf.additions.) These
rulesets use three databases: denyip, a list of IP addresses;
spamsites, a list of domains; and fakenames, a list of bogus
usernames (such as investor and success). We do not accept mail
from any machine that matches an entry in either database, or from
users in the fakenames database.

    WARNING: We do not maintain the database source files.
             Read domain.txt and ips.txt.
             (Make will fetch them for you)
             Domains that you want to allow should be added
             to the file /etc/mail/allowed_domains.txt.
             IP addresses that you want to allow should be added
             to the file /etc/mail/allowed_ips.txt.

Filtering at your site:
    To filter spam at your site you need to:
    1. modify your /etc/sendmail.cf,
    2. retrieve the database source files from the master site,
    3. make the databases and
    4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
    Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file. If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:

    The database source files are available from Gulf Coast
Internet via anonymous FTP. The Makefile in /etc/mail will retrieve
the source files for you: as root, type "cd /etc/mail; make" at
the command line. The previous version of the database source
files is moved to <filename>.0.

    Local additions should be kept in separate files. We use
spamsites.local and denyip.local. You may want to diff the new
versions of the files against the previous versions to see what
has changed.

    Local deletions should be kept in separate files. We use
allowed_domain.txt and allowed_ips.txt. (This feature was added
after netcom.com was added to the spam block list.)

3. Make the databases:
    As root, type "cd /etc/mail; make install". This will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
    Sendmail rereads its configuration whenever it receives a HUP
signal. As root, type "kill -HUP `cat /var/run/sendmail.pid`".
Check sendmail's log file to be sure that it has restarted.
/var/log/maillog should contain the line: "Oct 15 08:59:16 hub
sendmail[6565]: restarting /usr/sbin/sendmail on signal". Most
likely, the date, time, hostname and process id will differ.

Testing the spam filter:

How can I tell if it's working:
    The mail log file, /var/log/maillog, will contain a line
for every message filtered. The lines will be similar to one of
these log entries:

check_mail rejects:
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>

Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve

check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

check_rcpt rejects:
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster

Sun Nov 16 11:40:53 PST 1997