README revision 38738
138738Sbrian# $Id:$ 238738Sbrian 333835Sjmb Filtering out SPAM from your site 430581Sjmb 530581SjmbIntroduction: 630581Sjmb The FreeBSD Project filters spam, unsolicited commerical 730581Sjmbe-mail, from its mailing lists. The filter has two parts: databases 831467Sjmband rulesets. We have rulesets to /etc/sendmail.cf, check_rcpt, 931467Sjmbcheck_relay, check_rbl, check_mail and xlat. (xlat is for testing 1031467Sjmbonly, as explained in /etc/mail/sendmail.cf.additions.) These 1131467Sjmbrulesets use three databases. The denyip, a list of IP addresses, 1231467Sjmbspamsites, a list of domains, and fakenames, a list of bogus 1331467Sjmbusernames (such as investor and success). We do not accept mail 1431728Snatefrom any machine that matches a entry in either database, or users 1531467Sjmbin the fakenames database. 1630581Sjmb 1733835Sjmb WARNING: We do not maintain the database source files. 1833835Sjmb Read domain.txt and ips.txt. 1933835Sjmb (Make will fetch them for you) 2033835Sjmb Domains that you want to allow, should be added 2133835Sjmb to the file /etc/mail/allowed_domains.txt. 2233835Sjmb IP addresses that you want to allow, should be added 2333835Sjmb to the file /etc/mail/allowed_ips.txt. 2433835Sjmb 2530581SjmbFiltering at your site: 2630581Sjmb To filter spam at your site you need to: 2730581Sjmb 1. modify your /etc/sendmail.cf, 2830581Sjmb 2. retrieve the database source files from the master site, 2930581Sjmb 3. make the databases and 3030581Sjmb 4. finally signal sendmail that the configuration file has changed. 3130581Sjmb 3230581Sjmb1. Modifying your /etc/sendmail.cf 3330581Sjmb Add the database declarations and the rulesets contained 3430581Sjmbin /etc/mail/sendmail.cf.additions to your .mc file. If you do 3530581Sjmbnot use m4 to generate your /etc/sendmail.cf, add the database 3630581Sjmbdeclarations to your /etc/sendmail.cf. 3730581Sjmb 3830581Sjmb2. Fetching the database source files: 3933835Sjmb 4030581Sjmb The database source files are available from Gulf Coast 4130581SjmbInternet via anonymous FTP. The Makefile in /etc/mail will retreive 4230581Sjmbthe source files for you: as root, type "cd /etc/mail; make" at 4330581Sjmbthe command line. The previous version of the database source 4433835Sjmbfiles is moved to <filename>.0. 4530581Sjmb 4633835Sjmb Local additions should be kept in separate files. We use 4733835Sjmbspamsites.local and denyip.local. You may want to diff the new 4833835Sjmbversions of the files against the previous versions to see what 4933835Sjmbhas changed. 5033835Sjmb 5133835Sjmb Local deletions should be kept in separate files. We use 5233835Sjmballowed_domain.txt and allowed_ips.txt. (This feature was added 5333835Sjmbafter netcom.com was added to the spam block list.) 5433835Sjmb 5530581Sjmb3. Make the databases: 5630581Sjmb As root, type "cd /etc/mail; make install" will build the 5730581Sjmbtwo databases from the retrieved source files and the local additions 5830581Sjmbfiles. 5930581Sjmb 6030581Sjmb4. Signaling sendmail: 6130581Sjmb Sendmail will reread its configuration whenever sendmail 6230581Sjmbreceives a HUP signal. As root, type "kill -HUP `cat 6330581Sjmb/var/run/sendmail.pid`". Check sendmail's log file to be sure that 6430581Sjmbit has restarted. /var/log/maillog should contain the line: "Oct 6530581Sjmb15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on 6630581Sjmbsignal". Most likely, the date, time, hostname and process id will 6730581Sjmbbe differ. 6830581Sjmb 6930581SjmbTesting the spam filter: 7030581Sjmb 7130581SjmbHow can I tell if its working: 7230581Sjmb The mail log file, /var/log/maillog, will contain a line 7330581Sjmbfor every message filtered. The lines will be similar to one of 7430581Sjmbthese two log entries: 7530581Sjmb 7630581SjmbCheck_mail rejects: 7731467SjmbOct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail, 7830581Sjmbarg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###], 7931467Sjmbreject=521 <announce@martianconsulate.com> 8030581Sjmb 8131467SjmbNov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail, 8231467Sjmbarg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com 8331467Sjmb[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain 8431467Sjmbdoes not resolve 8531467Sjmb 8631467Sjmb 8730581SjmbCheck_relay rejects: 8830581SjmbOct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay, 8930581Sjmbarg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost, 9030581Sjmbreject=521 blocked.contact postmaster@FreeBSD.ORG 9131467Sjmb 9231467Sjmbcheck_rcpt reject: 9331467SjmbNov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt, 9431467Sjmbarg1=investor@100percent.per.year.com, relay=newfed.frb.gov 9531467Sjmb[198.3.221.5], reject=553 investor@100percent.per.year.com... 9631467Sjmb521<investor@100percent.per.year.com>#blocked.contact postmaster 9731467SjmbSun Nov 16 11:40:53 PST 1997 98