README revision 31467
Filtering out SPAM from your site

Introduction:
    The FreeBSD Project filters spam, unsolicited commercial
e-mail, from its mailing lists. The filter has two parts: databases
and rulesets. We have added the rulesets check_rcpt, check_relay,
check_rbl, check_mail and xlat to /etc/sendmail.cf. (xlat is for
testing only, as explained in /etc/mail/sendmail.cf.additions.) These
rulesets use three databases: denyip, a list of IP addresses;
spamsites, a list of domains; and fakenames, a list of bogus
usernames (such as investor and success). We do not accept mail
from any machine that matches an entry in either database, or from
users in the fakenames database.

Filtering at your site:
    To filter spam at your site you need to:
    1. modify your /etc/sendmail.cf,
    2. retrieve the database source files from the master site,
    3. make the databases and
    4. finally signal sendmail that the configuration file has changed.

1. Modifying your /etc/sendmail.cf
    Add the database declarations and the rulesets contained
in /etc/mail/sendmail.cf.additions to your .mc file. If you do
not use m4 to generate your /etc/sendmail.cf, add the database
declarations to your /etc/sendmail.cf.

2. Fetching the database source files:
    The database source files are available from Gulf Coast
Internet via anonymous FTP. The Makefile in /etc/mail will retrieve
the source files for you: as root, type "cd /etc/mail; make" at
the command line. The previous version of the database source
files is moved to <filename>.0. Local additions should be kept in
separate files. We use spamsites.local and denyip.local. You may
want to diff the new versions of the files against the previous
versions to see what has changed.

3. Make the databases:
    As root, typing "cd /etc/mail; make install" will build the
two databases from the retrieved source files and the local additions
files.

4. Signaling sendmail:
    Sendmail will reread its configuration whenever it
receives a HUP signal. As root, type "kill -HUP `cat
/var/run/sendmail.pid`". Check sendmail's log file to be sure that
it has restarted. /var/log/maillog should contain the line: "Oct
15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on
signal". Most likely, the date, time, hostname and process id will
differ.

Testing the spam filter:

How can I tell if it's working:
    The mail log file, /var/log/maillog, will contain a line
for every message filtered. The lines will be similar to one of
these log entries:

check_mail rejects:
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail,
arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###],
reject=521 <announce@martianconsulate.com>

Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail,
arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com
[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain
does not resolve


check_relay rejects:
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay,
arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost,
reject=521 blocked.contact postmaster@FreeBSD.ORG

check_rcpt rejects:
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt,
arg1=investor@100percent.per.year.com, relay=newfed.frb.gov
[198.3.221.5], reject=553 investor@100percent.per.year.com...
521<investor@100percent.per.year.com>#blocked.contact postmaster

Sun Nov 16 11:40:53 PST 1997
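
To confirm from /var/log/maillog that each ruleset is actually rejecting mail, the reject lines shown above can be parsed and tallied. The following is an added example, not part of this README or of the FreeBSD Project's tooling: it extracts the fields of each reject line and counts rejects per ruleset and reply code, marking 4xx replies as temporary and 5xx as permanent. The function names are hypothetical, and the sample log is constructed from the entries above, joined onto single lines as sendmail writes them.

```python
import re
from collections import Counter

# Matches the reject lines sendmail logs for the check_* rulesets.
REJECT_RE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): "
    r"ruleset=(?P<ruleset>check_\w+), "
    r"arg1=(?P<arg1>[^,]+), "
    r"(?:arg2=(?P<arg2>[^,]+), )?"      # only check_relay logs arg2 (the IP)
    r"relay=(?P<relay>[^,]+), "
    r"reject=(?P<code>\d{3}) ?(?P<text>.*)$"
)

# Constructed sample: the README's log entries, one entry per line.
SAMPLE_LOG = """\
Oct 15 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on signal
Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail, arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###], reject=521 <announce@martianconsulate.com>
Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail, arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com [###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain does not resolve
Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay, arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost, reject=521 blocked.contact postmaster@FreeBSD.ORG
Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt, arg1=investor@100percent.per.year.com, relay=newfed.frb.gov [198.3.221.5], reject=553 investor@100percent.per.year.com... 521<investor@100percent.per.year.com>#blocked.contact postmaster
"""

def parse_reject(line):
    """Return the fields of one reject line, or None for any other line."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # 4xx replies are temporary (the sender will retry); 5xx are permanent.
    rec["permanent"] = rec["code"].startswith("5")
    return rec

def summarize(log_text):
    """Count rejects per (ruleset, reply code) over a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_reject(line)
        if rec:
            counts[(rec["ruleset"], rec["code"])] += 1
    return counts

if __name__ == "__main__":
    for (ruleset, code), n in sorted(summarize(SAMPLE_LOG).items()):
        kind = "permanent" if code.startswith("5") else "temporary"
        print(f"{ruleset:12} {code} {kind:9} {n}")
```

A ruleset that never appears in the tally after a restart is worth checking against the database declarations in /etc/sendmail.cf.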