Anti-spam measures

Not sure if this is the right forum to discuss methods for
preventing spam/relaying with sendmail, but since the question
came up, and what you describe here is pretty much exactly like
a package I've already implemented:

     Poul-Henning Kamp wrote:

     > One of the best things to do, would probably be to make a
     > simple turnkey kind of sendmail config available to people.
     >
     > It should be possible for people to maintain four files on
     > their system and have sendmail DTRT for them after that:
     > 
     > /etc/sendmail.our_ip:
     > 	192.168.1.0/24
     > 	10.0.0.0/22
     > 
     > /etc/sendmail.our_domains:
     > 	foo.bar.com
     > 	some.customer.domain.xx
     > 
     > /etc/sendmail.we_mx_for:
     > 	bar.foo.com
     > 
     > /etc/sendmail.people_we_dont_talk_to
     > 	cyberpromo.com
     > 	203.43.43.0/22
     > 
     > Now that would be a worthwhile project to do...


My implementation uses two config files - one for access control and
one for relay control. A typical access-control file could look like this:

  deny    bozo at domain.com
  deny    @cyberpromo.com
  permit  192.2.49
  deny    192.2

The deny/permit rules work like you would expect - a most-exact-match is
performed. In this case mail from sender address "bozo at domain.com" and
from everyone at cyberpromo.com will not be accepted. Connections from
clients with IP addresses that start with 192.2 will not be accepted
either, except those that start with 192.2.49.

A typical relay-control file could look like this:


  # IP address ranges that can relay anywhere:
  #
  127
  10.127.99       # Our own addresses
  195.18.159      # Customer X
  163.22          # Customer Y
  100.22.2.56     # Mail server Z
  #
  # Domain names we accept mail for:
  #
  mydomain.com
  another-domain.com
  yet-another-domain.com
  #
  include sendmail.cw
  include mailertable
  include secondary-mx


This file contains two types of information - a collection of IP address
ranges that can relay mail anywhere through us, and a list of domain names
that we accept mail from from anywhere.

The mail server will accept mail destined for the domain names in this
file from ANYWHERE, and will accept mail for OTHER domains ONLY from
clients whose IP adresses are in this file. Which provides complete
relay control.

To make maintanance easier, you can see that you may "include" the
contents of other common sendmail files so that you don't need to
maintain more then one copy of the list of domain names you accept
mail for. Useful for large ISP's like ourselves.

(The URL is ftp://ftp.xyzzy.no/sendmail/access.tar.Z)

-- 
Gjermund Sxrseth, Telenor Nextel