Setting up DNSBL for spam blocking

From CobaltFAQs


Back up the original file

First change to the location where the .mc file used to build sendmail.cf is located, and make a backup copy of it:

cd /usr/lib/sendmail-cf/cf
cp cobalt.mc cobalt.mc.safe

Add the DNSBL entries

Edit cobalt.mc with your favorite editor (vi or pico, for example) and add these entries:

FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`554 Rejected - see http://www.spamhaus.org/')dnl
FEATURE(`dnsbl',`relays.ordb.org',`554 Rejected - see http://www.ordb.org/')dnl
FEATURE(`dnsbl',`combined.njabl.org',`554 Message from $&{client_addr} rejected - see http://www.njabl.org/')dnl
FEATURE(`dnsbl',`dnsbl.sorbs.net',`554 Email rejected - $&{client_addr} found in dnsbl.sorbs.net')dnl
FEATURE(`dnsbl',`bl.spamcop.net',`554 Rejected - see http://www.spamcop.net/')dnl

Substitute the zones and rejection messages for the DNSBLs you actually use. The main thing to get right is the

FEATURE(`dnsbl', `host.dnsbl.tld', `Message to display')dnl

format. m4 quoting opens each argument with a backtick (`) and closes it with an apostrophe ('), so make sure every argument uses that pair.

Build the new sendmail.cf file

Then build the new sendmail.cf, install it, and restart sendmail:

cd /usr/lib/sendmail-cf
m4 cf/cobalt.mc > /etc/mail/spamblock.cf
cd /etc/mail
cp sendmail.cf sendmail.cf.nodnsbl
cp spamblock.cf sendmail.cf
chmod 0644 sendmail.cf
/etc/rc.d/init.d/sendmail restart

Immediately test sending mail to and through your server to make sure it is all working like it should. You can watch the sendmail log to see what's happening:

tail -f /var/log/maillog

Undoing the DNSBLs

If for some reason you need to stop using the blocking lists, restore the saved copy and restart sendmail:

cp /etc/mail/sendmail.cf.nodnsbl /etc/mail/sendmail.cf
/etc/rc.d/init.d/sendmail restart

Fix POP Before SMTP

The original Cobalt file does not have any commands in it to make the POP-Before-SMTP entries in sendmail.cf when building or rebuilding it with m4. So if you are using POP Authentication to allow mail relaying through your server, you will need to manually add the parts back into sendmail.cf after rebuilding. There does not appear to be a clean line or two that can be put into the cobalt.mc file that will autogenerate the POP relaying section via m4.

Edit /etc/mail/sendmail.cf. Find the lines

# Virtual user table (maps incoming users)
Kvirtuser hash -o /etc/mail/virtusertable

and add these lines below them:

# poprelay list
Kpopip hash -a<MATCH> /etc/mail/popip

These should be around line 152.

Then add some lines to the relay checking section (around line 1010). Find the header block

######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################

and add/change the lines below it to read like this:

######################################################################
###  check_relay -- check hostname/address on SMTP startup
######################################################################

SLocal_check_relay
# Put the address into canonical form (even if it doesn't resolve to an MX).
R$*                     $: $>Parse0 $>3 $1
R$* < $* > $*           $: $1 < $2 . > $3
R$* < $* . . > $*       $1 < $2 . > $3
# Test against pop-before-relay hash
R$*                     $: < $&{client_addr} >
R< $* >                 $(popip $1 $)
R$* < MATCH >           $#OK

Scheck_relay
R$*                     $: $1 $| $>"Local_check_relay" $1
R$* $| $* $| $#$*       $#$3
R$* $| $* $| $*         $@ $>"Basic_check_relay" $1 $| $2

SBasic_check_relay
# check for deferred delivery mode
R$*                     $: < ${deliveryMode} > $1
R< d > $*               $@ deferred
R< $* > $*              $: $2

R$+ $| $+               $: $>LookUpDomain < $1 > <?> < $2 > <+Connect>
R<?> <$+>               $: $>LookUpAddress < $1 > <?> < $1 > <+Connect> no: another lookup
R<?> < $+ >             $: $1                                   found nothing
R<$={Accept}> < $* >    $@ $1                           return value of lookup
R<REJECT> $*            $#error $@ 5.7.1 $: "550 Access denied"
R<DISCARD> $*           $#discard $: discard
R<ERROR:$-.$-.$-:$+> <$*>       $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> <$*>                $#error $: $1
R<$+> <$*>              $#error $: $1

VERY IMPORTANT! Use TABs to separate the two columns, not spaces (i.e., a copy/paste from this web page will not work!).
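A pre-install check for the TAB requirement and for the two failure modes this procedure can produce (an empty file from a failed m4 run, or a popip lookup without its map declaration). This is an added example, not part of the original FAQ; the function names `rules_without_tab` and `check_cf` are hypothetical.

```shell
#!/bin/sh
# Added example: lint a hand-edited or m4-generated sendmail.cf before it is
# copied over /etc/mail/sendmail.cf.

# Print the line numbers of rule lines (starting with "R") that contain no TAB.
# sendmail separates a rule's left and right sides on TABs only.
rules_without_tab() {
    awk '/^R/ && index($0, "\t") == 0 { print NR }' "$1"
}

# Return 0 only if the file passes all three checks.
check_cf() {
    cf=$1
    [ -s "$cf" ] || { echo "$cf: missing or empty (did m4 fail?)" >&2; return 1; }
    bad=$(rules_without_tab "$cf")
    if [ -n "$bad" ]; then
        echo "$cf: rule lines without a TAB:" $bad >&2
        return 1
    fi
    # The POP-before-SMTP lookup needs its "Kpopip" map declaration.
    if grep -q '\$(popip ' "$cf" && ! grep -q '^Kpopip ' "$cf"; then
        echo "$cf: popip lookup present but Kpopip map not declared" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: ./check-cf.sh /etc/mail/spamblock.cf
if [ "$#" -gt 0 ]; then
    check_cf "$1"
fi
```

Run it against /etc/mail/spamblock.cf after the m4 step, and again against the edited sendmail.cf before restarting sendmail.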

Note that the DNSBL lines are entered immediately below the check_relay section shown above:

# DNS based IP address spam list sbl-xbl.spamhaus.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Email rejected. See http://www.spamhaus.org/"

# DNS based IP address spam list relays.ordb.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Email rejected. See http://www.ordb.org/faq/\#why_rejected"

# DNS based IP address spam list combined.njabl.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.combined.njabl.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.combined.njabl.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Email rejected. See http://www.njabl.org/"

# DNS based IP address spam list dnsbl.sorbs.net
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.dnsbl.sorbs.net. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.dnsbl.sorbs.net. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "554 Email rejected. " $&{client_addr} " found in dnsbl.sorbs.net"

# DNS based IP address spam list bl.spamcop.net
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Email rejected. See http://www.spamcop.net/"
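
The lookup each stanza above performs, reproduced as a shell script so a zone can be checked before it goes into cobalt.mc. A zone that no longer operates may answer nothing (it blocks no spam) or answer every query (it rejects all mail); the RFC 5782 test entries catch both. This is an added example, not part of the original FAQ: the function names and the `DNSBL_RESOLVER` hook are hypothetical, and it assumes the `host` command is installed.

```shell
#!/bin/sh
# Added example, not part of the generated sendmail.cf.

# Build the name the two lookup rules query: drop an IPv4-mapped "::ffff:"
# prefix, reverse the octets ($4.$3.$2.$1), append the zone and a final dot.
# Any other address form matches neither R line, so nothing is looked up.
dnsbl_qname() {   # usage: dnsbl_qname CLIENT_ADDR ZONE
    addr=${1#::ffff:}; zone=$2
    case $addr in
        *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    echo "$4.$3.$2.$1.$zone."
}

# Default resolver (assumption: the host(1) command, which is separate from
# sendmail's "host" map). Status 0 means NAME has an A record.
dnsbl_resolve() { host -t A "$1" >/dev/null 2>&1; }

# 0 = listed (the <?>$+ rule would reject), 1 = not listed (<?>OK),
# 2 = not an IPv4 client address, so no lookup.
dnsbl_listed() {  # usage: dnsbl_listed CLIENT_ADDR ZONE
    q=$(dnsbl_qname "$1" "$2") || return 2
    "${DNSBL_RESOLVER:-dnsbl_resolve}" "$q"
}

# RFC 5782 self-test: a working zone lists 127.0.0.2 and never 127.0.0.1.
dnsbl_zone_ok() { # usage: dnsbl_zone_ok ZONE
    dnsbl_listed 127.0.0.2 "$1" || return 1   # dead zone: blocks nothing
    if dnsbl_listed 127.0.0.1 "$1"; then
        return 1                              # answers everything: blocks all mail
    fi
    return 0
}

# Stand-alone use: ./dnsbl-check.sh bl.spamcop.net dnsbl.sorbs.net
for z in "$@"; do
    if dnsbl_zone_ok "$z"; then echo "$z: ok"; else echo "$z: FAILED self-test"; fi
done
```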