Sendmail Configuration


This page describes how to configure sendmail 8.11.6 to block spam using a number of effective spam signature detection methods I have developed over the years. About 15% of the incoming mail at SDSC is blocked due to these rules, with only occasional reports of non-spam being affected. Some of the rules are good at blocking the Klez, Sobig, and Bugbear worms.

Most of these modifications to sendmail can easily be adapted to work with older sendmail versions, but you should upgrade to at least version 8.11.6 to avoid known security vulnerabilities. I have not tested this approach with any version of sendmail 8.12, but it should work with some changes.

If you decide to use these modifications, please also sign up for my sendmail-config mailing list, which is where important announcements of new versions are made. Failing that, you should at least check the sendmail-config mailing list archives periodically for updates.

First apply this patch to the source. If for some strange reason you choose not to implement any of the anti-spam rules in the .mc file, this patch should be harmless.

Then ensure that your sendmail executable is compiled with MAP_REGEX defined. One way to do this is to include the line

APPENDDEF(`confMAPDEF', `-DMAP_REGEX')

in your devtools/Site/site.config.m4 file before compiling.

Add these rules to the end of your .mc file, build a new .cf file with it, install, and restart sendmail to make all of the changes take effect. Don't forget to include your favorite external blacklists. Mine are:

FEATURE(`dnsbl', `dul.dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dul.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
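
As an added illustration (not part of the original page or of sendmail itself), this Python sketch models the lookup behind the dnsbl lines above: the client's IPv4 octets are reversed, the list's zone is appended, and an A record for that name means the client is listed. The function names, the injectable resolver and the sample listings are assumptions of the sketch, constructed so that it runs offline.

```python
import ipaddress
import socket

# (zone, SMTP reply code, pointer URL) copied from the dnsbl lines on this page.
DNSBLS = [
    ("dul.dnsbl.sorbs.net", 550, "http://www.dul.dnsbl.sorbs.net/"),
    ("sbl.spamhaus.org", 550, "http://www.spamhaus.org/sbl/"),
    ("list.dsbl.org", 550, "http://dsbl.org/"),
    ("bl.spamcop.net", 450, "http://spamcop.net/bl.shtml"),
]

def dnsbl_query_name(client_addr, zone):
    """Build the name looked up for an IPv4 client: reversed octets + zone."""
    ip = ipaddress.IPv4Address(client_addr)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolver(name):
    """Return True if the name has an A record, i.e. the address is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def check_client(client_addr, resolver=system_resolver, dnsbls=DNSBLS):
    """Return (code, reply text) for the first list naming the client, else None.

    A 5xx code is a permanent rejection; a 4xx code asks the sender to retry
    later, so a listing that is withdrawn delays mail instead of bouncing it.
    """
    for zone, code, url in dnsbls:
        if resolver(dnsbl_query_name(client_addr, zone)):
            return code, f"{code} Mail from {client_addr} refused - see {url}"
    return None

# Constructed sample data (RFC 5737 documentation addresses), not real listings.
SAMPLE_LISTED = {
    "10.2.0.192.sbl.spamhaus.org",
    "20.100.51.198.bl.spamcop.net",
}

def sample_resolver(name):
    return name in SAMPLE_LISTED

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.20", "203.0.113.5"):
        print(addr, check_client(addr, sample_resolver))
```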

Finally, here are a few entries you will surely want in your sendmail access file:

Connect:127.0.0.1		OK
From:Do_Not_Reply@paypal.com	ERROR:5.7.1:550 Probable Mimail.J worm rejected
From:FUCKENSUICIDE@HOTMAIL.COM	ERROR:5.7.1:550 Probable Dumaru worm rejected
From:hotmail.com		IGNORE ZonelessDate
From:msn.com			IGNORE XMSMailPriority
From:security@microsoft.com	ERROR:5.7.1:550 Probable Dumaru worm rejected
From:support@microsoft.com	ERROR:5.7.1:550 Probable Sobig.B worm rejected
To:Friend@public.com		POISON
big@boss.com			ERROR:5.7.1:550 Sobig.A worm rejected
check@user.com			ERROR:5.1.1:550 User unknown
hahaha@sexyfun.net		ERROR:5.7.1:550 Hybris worm rejected
joe@nowhere.com			ERROR:5.1.1:550 User unknown
test2@test2.com			ERROR:5.1.1:550 User unknown
test@test.com			ERROR:5.1.1:550 User unknown
test@test.net			ERROR:5.1.1:550 User unknown
verify@email.com		ERROR:5.1.1:550 User unknown
verify@pisem.net		ERROR:5.1.1:550 User unknown
verify@testmail.com		ERROR:5.1.1:550 User unknown

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 27 January 2004.