Sendmail backup mx relay

I have used sendmail for a number of years. We use it on our main mail server and on our backup mx servers.

Up until recently we simply allowed the backup mx servers to relay all mail to the domains they serve. Unfortunately spammers tend to target backup mx servers in the belief they are less well protected.

One of the side effects of this is that you end up accepting mail for lots of invalid addresses. That not only results in more spam (the spammer now believes the address is valid) but also means the backup mx ends up trying to send non-delivery receipts to some random reply address, because when it tries to deliver the mail to the main server it is refused as the address doesn’t exist.

I finally worked out that there is a nice feature in sendmail to relay only certain addresses, thus refusing all the other junk and preventing the erroneous non-delivery receipts.

By default we used to add the following to our access database:

TO:iwayvietnam.com RELAY

which simply means relay all email addressed to the domain iwayvietnam.com.

It is possible to be more selective, but first you have to add the following to your sendmail configuration (sendmail.mc). I suggest saving a copy of sendmail.cf first for later comparison.

dnl #
dnl #Use access db with undocumented feature
dnl #
define(`_RELAY_FULL_ADDR_', `1')

Then do a make. Compare your new sendmail.cf with your old one just to ensure you’ve not lost anything.

You can now specify specific email addresses in the TO field rather than just the domain.

It means you have to remember to update your backup mx servers whenever you add or remove an email account but that is a small price to pay for the empty mail queues. I guess you could easily automate it.

Don’t forget to rebuild your access database once you’ve edited the text file:

# makemap hash /etc/mail/access.db < /etc/mail/access

PS. I also set DoubleBounceAddress to nothing (O DoubleBounceAddress=) to get rid of all those non delivery receipts of non delivery receipts!

Sendmail’s Greet_Pause

Slamming is a popular spammer tactic in which the spammer quickly fires off SMTP messages without waiting for responses from the receiving server. A poorly behaved MTA will then accept traffic from the spammer, instead of rejecting it as it should. But even well-behaved MTAs are affected because of the sheer volume of traffic with which they are forced to deal. The venerable sendmail, as of version 8.13, has a nifty feature called “greet_pause” that not only rejects incorrect SMTP transactions, but also discourages re-sends.

In a normal SMTP transaction, the client first connects and the server is supposed to send back a “220” greeting, something like:

$ telnet mail.foo.org 25
Trying 12.34.56.78...
Connected to foo.com.
Escape character is '^]'.
220-host6.foo.org ESMTP Sendmail 8.13.6/8.13.6; Wed, 14 Jun 2006 18:04:49 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

Then, the client says “ehlo” or “helo,” and the transaction continues. When the client is an impatient spammer and sends more commands without listening, the greet_pause feature detects this, marks the connection bad, and responds to anything else that tries to come over that connection with a 554 (transaction failed) message. It works by pausing briefly before sending out its 220 messages.

The pause interval is configurable, so you can tune it as needed.
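As an added illustration (not sendmail’s own code), here is a small Python model of the greet_pause mechanism described above: the server waits before sending its 220 banner, treats any client that speaks during that wait as a slammer, and answers everything that client sends afterwards with 554. The hostnames, the 0.3 s pause and the reply texts are constructed for the demo.

```python
import select
import socket
import threading

# Seconds to wait before the 220 banner (constructed; sendmail takes it in ms via the access map).
GREET_PAUSE = 0.3

def handle_connection(conn):
    """Serve one SMTP client; mark it bad if it sends anything before the 220 banner."""
    # Any bytes readable before we have greeted the client mean it is slamming.
    readable, _, _ = select.select([conn], [], [], GREET_PAUSE)
    slammed = bool(readable)
    conn.sendall(b"220 mx.example.test ESMTP greet_pause demo\r\n")
    for line in conn.makefile("rb"):
        cmd = line.strip().upper()
        if slammed:  # a bad connection gets 554 for everything it sends
            conn.sendall(b"554 5.7.1 rejecting commands: pre-greeting traffic\r\n")
        elif cmd.startswith(b"QUIT"):
            conn.sendall(b"221 2.0.0 Bye\r\n")
        else:
            conn.sendall(b"250 OK\r\n")
    conn.close()

def start_server():
    """Listen on a free loopback port, serve clients one at a time, return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def run():
        while True:
            conn, _ = srv.accept()
            handle_connection(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def smtp_session(port, slam):
    """Open a session, send EHLO, close; return the reply code the server gave to EHLO."""
    s = socket.create_connection(("127.0.0.1", port))
    f = s.makefile("rb")
    if slam:
        s.sendall(b"EHLO spammer.test\r\n")  # fire without reading the banner
        f.readline()                         # the banner arrives after the pause
    else:
        f.readline()                         # a polite MTA waits for the 220 first
        s.sendall(b"EHLO mta.example.test\r\n")
    code = f.readline().split()[0].decode()
    f.close()
    s.close()
    return code
```

Running `smtp_session(port, slam=False)` returns "250" while `smtp_session(port, slam=True)` returns "554", which is the behaviour the text describes for a client that talks before the greeting.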

Interestingly, you’ll probably find that your total spam attempts drop significantly after implementing greet_pause, possibly because the spammer’s software thinks it’s hitting a bad server or bad addresses, or is otherwise getting stuck somehow. It’s an ingenious and simple method with low overhead that discourages significant amounts of spam.

As always, be sure to whitelist all of your important addresses. Visit sendmail.org/doc/ to learn more.

Removing mails spam-scored over 10

I am using SpamAssassin 3.1.x on Linux.
Currently all mails with a spam score over five (5) are marked as spam (a simple configuration). Furthermore, I would like to permanently remove all mails with a score over ten (10).

Here is the content of /etc/procmailrc to do that:

DROPPRIVS=yes
MAX_SCORE=10.00
MIN_SCORE=5.00

## run every message through spamc so it gets an X-Spam-Status header
:0fw
| /usr/bin/spamc

## pull the numeric score out of the header into $MATCH
## (a negative score does not match, so such mail simply falls through to $DEFAULT)
:0
* ^X-Spam-Status:.*score=\/[0-9\.]+
{
  ## if spam score is > MAX_SCORE, trash it (score - MAX_SCORE > 0)
  :0
  * $ -${MAX_SCORE}^0
  * $ ${MATCH}^0
  /dev/null

  ## else if spam score is > MIN_SCORE, deliver the (already spam-tagged) mail to $DEFAULT;
  ## point this at a separate spam folder instead if you keep one
  :0E:
  * $ -${MIN_SCORE}^0
  * $ ${MATCH}^0
  $DEFAULT
}