README revision 33835
1 Filtering out SPAM from your site 2 3Introduction: 4 The FreeBSD Project filters spam, unsolicited commerical 5e-mail, from its mailing lists. The filter has two parts: databases 6and rulesets. We have rulesets to /etc/sendmail.cf, check_rcpt, 7check_relay, check_rbl, check_mail and xlat. (xlat is for testing 8only, as explained in /etc/mail/sendmail.cf.additions.) These 9rulesets use three databases. The denyip, a list of IP addresses, 10spamsites, a list of domains, and fakenames, a list of bogus 11usernames (such as investor and success). We do not accept mail 12from any machine that matches a entry in either database, or users 13in the fakenames database. 14 15 WARNING: We do not maintain the database source files. 16 Read domain.txt and ips.txt. 17 (Make will fetch them for you) 18 Domains that you want to allow, should be added 19 to the file /etc/mail/allowed_domains.txt. 20 IP addresses that you want to allow, should be added 21 to the file /etc/mail/allowed_ips.txt. 22 23Filtering at your site: 24 To filter spam at your site you need to: 25 1. modify your /etc/sendmail.cf, 26 2. retrieve the database source files from the master site, 27 3. make the databases and 28 4. finally signal sendmail that the configuration file has changed. 29 301. Modifying your /etc/sendmail.cf 31 Add the database declarations and the rulesets contained 32in /etc/mail/sendmail.cf.additions to your .mc file. If you do 33not use m4 to generate your /etc/sendmail.cf, add the database 34declarations to your /etc/sendmail.cf. 35 362. Fetching the database source files: 37 38 The database source files are available from Gulf Coast 39Internet via anonymous FTP. The Makefile in /etc/mail will retreive 40the source files for you: as root, type "cd /etc/mail; make" at 41the command line. The previous version of the database source 42files is moved to <filename>.0. 43 44 Local additions should be kept in separate files. We use 45spamsites.local and denyip.local. You may want to diff the new 46versions of the files against the previous versions to see what 47has changed. 48 49 Local deletions should be kept in separate files. We use 50allowed_domain.txt and allowed_ips.txt. (This feature was added 51after netcom.com was added to the spam block list.) 52 533. Make the databases: 54 As root, type "cd /etc/mail; make install" will build the 55two databases from the retrieved source files and the local additions 56files. 57 584. Signaling sendmail: 59 Sendmail will reread its configuration whenever sendmail 60receives a HUP signal. As root, type "kill -HUP `cat 61/var/run/sendmail.pid`". Check sendmail's log file to be sure that 62it has restarted. /var/log/maillog should contain the line: "Oct 6315 08:59:16 hub sendmail[6565]: restarting /usr/sbin/sendmail on 64signal". Most likely, the date, time, hostname and process id will 65be differ. 66 67Testing the spam filter: 68 69How can I tell if its working: 70 The mail log file, /var/log/maillog, will contain a line 71for every message filtered. The lines will be similar to one of 72these two log entries: 73 74Check_mail rejects: 75Oct 15 02:43:26 hub sendmail[6565]: CAA06565: ruleset=check_mail, 76arg1=<announce@martianconsulate.com>, relay=xxx.isp.net [###.###.###.###], 77reject=521 <announce@martianconsulate.com> 78 79Nov 30 15:56:37 hub sendmail[15058]: PAA15058: ruleset=check_mail, 80arg1=<ultramax@s2.eddelwissl.NET>, relay=relay.somewhere.com 81[###.###.###.###], reject=451 <ultramax@s2.eddelwissl.NET>... Domain 82does not resolve 83 84 85Check_relay rejects: 86Oct 19 04:45:24 hub sendmail[3503]: NOQUEUE: ruleset=check_relay, 87arg1=imsp015.netvigator.com, arg2=205.252.144.206, relay=root@localhost, 88reject=521 blocked.contact postmaster@FreeBSD.ORG 89 90check_rcpt reject: 91Nov 30 15:04:08 hub sendmail[12390]: PAA12390: ruleset=check_rcpt, 92arg1=investor@100percent.per.year.com, relay=newfed.frb.gov 93[198.3.221.5], reject=553 investor@100percent.per.year.com... 94521<investor@100percent.per.year.com>#blocked.contact postmaster 95Sun Nov 16 11:40:53 PST 1997 96