Re: Unwanted relay use

Dennis Boylan (dennis@linux.lan.com)
Fri, 1 Aug 1997 11:04:26 -0400

wladams@freenet.tlh.fl.us writes:
>
>
> On Thu, 31 Jul 1997, Duncan Hill wrote:
>
> > On Thu, 31 Jul 1997, David Beitler wrote:
> >
> > > sendmail[15761]: OAA15761: from=<CommNOW_Robot@commnow.com>,size=4550,
> > > class=0, pri=34550, nrcpts=1, msgid=<2400845823.1896353@commnow.com>,
> > > proto=ESMTP, relay=macromac.commnow.com [157.151.203.4]
> >
> > Ok, as I remember, www.sendmail.org has a sendmail solution to this.
> > The other solution I have seen is to use hosts.deny to deny his IP
> > access to your mail server port.
>
> also don't forget this works only if sendmail is libwrapped
> or fronted by tcpd.
This is not true, you can do the same thing with the check_relay rule,
if your sendmail is 8.8.

Here is an example linux.mc file to generate everything. It does not
require that any of the files exist, but if they do, it will use them.
You just need to put the ip or domain name in the Denied files. I like
generating all of the cyberpromo domains and putting them in the denied
files. It does not have the 8.8.6 database files for check_relay, but
it is on my list.

VERSIONID(`LAN configuration with kitchen sink')
OSTYPE(linux)
define(`ALIAS_FILE',`/etc/mail/aliases')
define(`confMATCH_GEOS',False)
define(`confUNSAFE_GROUP_WRITES',True)
define(`confCW_FILE',` -o /etc/mail/sendmail.cw')
FEATURE(use_cw_file)
FEATURE(nouucp)
FEATURE(always_add_domain)
FEATURE(genericstable, `hash -o /etc/mail/genericstable')
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
FEATURE(domaintable, `hash -o /etc/mail/domaintable')
MAILER(local)
MAILER(smtp)
define(`SPAMMASTER',`dennis@lan.com')
LOCAL_CONFIG
F{DeniedIP} -o /etc/mail/DeniedIP
F{DeniedNames} -o /etc/mail/DeniedNames
F{RelayFrom} -o /etc/mail/RelayFrom
F{RelayIP} -o /etc/mail/RelayIP
F{mxholder} -o /etc/mail/mxholder
Kforwards hash -o /etc/mail/forwards
Kspammers hash -o /etc/mail/spammers
LOCAL_RULESETS
# Wraper like rule (Can't use maps until 8.8.6 of sendmail)
Scheck_relay
R$+ $| $={DeniedIP}$* $#error $@ 5.7.1 $: "no access from your IP address"
R$*$={DeniedNames} $| $* $#error $@ 5.7.1 $: "no access from your host"

Scheck_mail
# check for valid domain name (incompatible with DeliveryMode=defer)
R$* $: <?> $>3 $1 make domain canonical
R<?> $* < @ $+ . > $: <OK> tag resolved names
R<?> $* < @ $+ > $#error $: 451 Domain must resolve

# check relay against spammers database
R$* $: $(spammers $&{client_name} $: OK $)
ROK $@ OK
R$+ $#error $@ 5.7.1 $: "571 Relay denied bu rule Contact SPAMMASTER"

# Stomp on relayers
Scheck_rcpt
# Process To
R$+ $: <$(forwards $1 $)>
R<FORWARD> $@ ok
R<DISABLE> $#error $@ 5.7.1 $: "571 Receipient is disabled"
R$+ $: $>3 $1
R$+ $: $(dequote $1 $)
R$- $@ ok to here
R$*%$*<@$=w> $#error $@ 5.7.1 $: "571 Relay denied by rule Contact SPAMMASTER"
R$*%$*<@$=w.> $#error $@ 5.7.1 $: "571 Relay denied by rule Contact SPAMMASTER"
R$*<@$=w.> $@ ok to here
R$*<@$={mxholder}.> $@ ok to here
R$+<@$+.> $: <$(forwards $1@$2 $)>
R<FORWARD> $@ ok
R<DISABLE> $#error $@ 5.7.1 $: "571 Receipient is disabled"
# Process From
R$* $: $>3 $(dequote "" $&f $)
R$- $@ ok from here
R$+<@$*$=w.> $@ ok from here
R$+<@$*$={RelayFrom}.> $@ ok Domain we will relay for
R$* $: $(dequote "" $&{client_addr} $)
R0 $@ ok client_addr is 0 for -bs
R$={RelayIP}$* $@ ok An address that is friendly
R$* $#error $@ 5.7.1 $: "571 Relay denied by rule Contact SPAMMASTER"

>
> bill
>
Dennis Boylan
dennis@lan.com