README revision 31467
	Filtering out SPAM from your site

Introduction:
	The FreeBSD Project filters spam, unsolicited commercial
e-mail, from its mailing lists.  The filter has two parts: databases
and rulesets.  We have added rulesets to /etc/sendmail.cf: check_rcpt,
check_relay, check_rbl, check_mail and xlat. (xlat is for testing
only, as explained in /etc/mail/sendmail.cf.additions.) These
rulesets use three databases: denyip, a list of IP addresses,
spamsites, a list of domains, and fakenames, a list of bogus
usernames (such as investor and success).  We do not accept mail
from any machine that matches an entry in either database, or from
users in the fakenames database.

Filtering at your site:
	To filter spam at your site you need to:
	1. modify your /etc/sendmail.cf,
	2. retrieve the database source files from the master site,
	3. make the databases and
	4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
	Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file.  If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
	The database source files are available from Gulf Coast
Internet via anonymous FTP.  The Makefile in /etc/mail will retrieve
the source files for you: as root, type "cd /etc/mail; make" at
the command line.  The previous version of the database source
files is moved to <filename>.0.  Local additions should be kept in
separate files.  We use spamsites.local and denyip.local.  You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
	As root, typing "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
	Sendmail will reread its configuration whenever sendmail
receives a HUP signal.  As root, type "kill -HUP `cat
/var/run/sendmail.pid`".  Check sendmail's log file to be sure that
it has restarted.  /var/log/maillog should contain the line:  "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal".  Most likely, the date, time, hostname and process id will
differ.

Testing the spam filter:

How can I tell if it's working:
	The mail log file, /var/log/maillog, will contain a line
for every message filtered.  The lines will be similar to one of
these two log entries:

Check_mail rejects:
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>

Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve


Check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

check_rcpt reject:
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster

Sun Nov 16 11:40:53 PST 1997
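
Added example (not part of the original README or of the FreeBSD
Project's tooling): a Python parser for the rejection lines shown
above.  It counts rejections per ruleset and separates 4xx replies,
which the sending host will retry, from 5xx replies, which are final.
The names parse_reject and summarize are assumptions of this example;
the sample input is the README's own log entries with the display
line wrapping rejoined.

```python
import re
from collections import Counter

# syslog prefix, queue id, ruleset name, "key=value" fields, then the SMTP reply
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sendmail\[(?P<pid>\d+)\]: "
    r"(?P<qid>\S+): ruleset=(?P<ruleset>\w+), (?P<fields>.*?), "
    r"reject=(?P<code>\d{3}) (?P<text>.*)$"
)

def parse_reject(line):
    """Return a dict for a ruleset rejection, or None for any other log line."""
    m = REJECT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # fields carries arg1=..., optionally arg2=..., and relay=...
    for item in rec.pop("fields").split(", "):
        key, _, value = item.partition("=")
        rec[key] = value
    return rec

def summarize(lines):
    """Count rejections per ruleset; list arg1 of every 4xx (temporary) reply."""
    rejects = [r for r in map(parse_reject, lines) if r]
    per_ruleset = Counter(r["ruleset"] for r in rejects)
    temporary = [r["arg1"] for r in rejects if r["code"].startswith("4")]
    return rejects, per_ruleset, temporary

# The README's own log entries, with its display line wrapping rejoined.
SAMPLE = [
    "Oct 15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on signal",
    "Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail, "
    "arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###], "
    "reject=521 <announce@martianconsulate.com>",
    "Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail, "
    "arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com "
    "[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain "
    "does not resolve",
    "Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay, "
    "arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost, "
    "reject=521 blocked.contact postmaster@FreeBSD.ORG",
    "Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt, "
    "arg1=investor@100percent.per.year.com, relay=newfed.frb.gov [198.3.221.5], "
    "reject=553 investor@100percent.per.year.com... "
    "521<investor@100percent.per.year.com>#blocked.contact postmaster",
]

if __name__ == "__main__":
    rejects, per_ruleset, temporary = summarize(SAMPLE)
    print(dict(per_ruleset), "temporary (4xx):", temporary)
```

On a live system, pass the lines of /var/log/maillog to summarize()
in place of SAMPLE.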