

Solve : sendmail 8.14 FEATURE dnsbl seems broken?

Answer» Hello,

I am running three debian email servers and recently wanted to address spam coming in to them. One server is sendmail version 8.14.4; the other two are 8.14.3. All three servers exhibit the same behavior. I added milter-greylist to each of them, it works brilliantly, stopping better than 50% of incoming spam.

I then tried to install realtime dns blacklist checking using three popular free services with entries to my /etc/mail/sendmail.mc file. Two of the services, bl.spamcop.net and dnsbl.sorbs.net, cause sendmail to reject every single incoming message as observed in my /var/log/mail.log file. The third black list service, zen.spamhaus.org, when enabled, doesn't seem to do anything at all.

I have tried all sorts of combinations: disabling greylisting, inserting the ipv6 workaround ( define(`DNSBL_MAP'...), using the enhanced blacklist feature "enhdnsbl" and activating only one blacklist at a time, each time recompiling my sendmail.mc file and restarting sendmail. I cannot find any references to others that have had this behavior and I'm at a loss as to how to troubleshoot it from here.

If anyone has any suggestions or comments, they are greatly appreciated. My sendmail.mc follows at the end of this posting.

Thanks in advance,
John

Code:

```
#
# COPYRIGHT (C) 1998-2005 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea')dnl
dnl #
dnl # Be somewhat *censored* in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # FEATURE(`virtusertable')dnl
FEATURE(`mailertable')dnl
dnl #
dnl # the following was added to make milter-greylist work, see its readme
dnl #
INPUT_MAIL_FILTER(`greylist', `S=local:/var/run/milter-greylist/greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
dnl #
dnl # The following lines activate DNS based Black (HOLE) List testing on three DIFFERENT free services
dnl #
define(`DNSBL_MAP', `dns -R A')
dnl #
dnl # FEATURE(`dnsbl', `dnsbl.sorbs.net', `"571 IP=" $&{client_addr} " -see http://www.sorbs.net/'")dnl
FEATURE(`enhdnsbl', `zen.spamhaus.org',`"571 IP=" $&{client_addr} " -see http://www.spamhaus.org/"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"571 IP=" $&{client_addr} " -see http://spamcop.net/bl.shtml?"')dnl
#
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl #
dnl # Masquerading options
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`mydomain.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
dnl # that's all folks
```
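An added example, not part of the original post: a way to reason about the DNSBL lookups outside of sendmail. It builds the query name for a client address in each zone from the sendmail.mc above and reads the returned A records using the RFC 5782 convention that list answers lie in 127.0.0.0/8. The function names and the sample answers are constructed for illustration.

```python
import ipaddress

# Zones taken from the FEATURE lines in the sendmail.mc above.
ZONES = ["dnsbl.sorbs.net", "zen.spamhaus.org", "bl.spamcop.net"]

LIST_ANSWERS = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_addr, zone):
    """Return the DNS name looked up for client_addr in zone (RFC 5782 layout)."""
    ip = ipaddress.ip_address(client_addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]                  # octets, reversed
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]  # nibbles, reversed
    return ".".join(labels + [zone])


def classify(answers):
    """Interpret the A records returned for a DNSBL query name.

    answers is a list of address strings; an empty list stands for
    NXDOMAIN or an empty answer, which means "not listed".
    """
    if not answers:
        return "not-listed"
    if all(ipaddress.ip_address(a) in LIST_ANSWERS for a in answers):
        return "listed"
    # An A record outside 127.0.0.0/8 is not a verdict from the list;
    # it points at the resolver path rather than at the client address.
    return "bogus-answer"


def audit(results):
    """Map {(client, zone): [answers]} to {(client, zone): verdict}."""
    return {key: classify(answers) for key, answers in results.items()}


# Constructed sample answers (not real lookups), keyed by client and zone.
SAMPLE = {
    ("127.0.0.2", "bl.spamcop.net"): ["127.0.0.2"],     # conventional test entry
    ("192.0.2.10", "bl.spamcop.net"): [],               # NXDOMAIN
    ("192.0.2.10", "dnsbl.sorbs.net"): ["203.0.113.5"], # answer outside 127/8
}

if __name__ == "__main__":
    for (client, zone), verdict in audit(SAMPLE).items():
        print(dnsbl_query_name(client, zone), "->", verdict)
```

Resolving the generated names by hand from the mail server itself, with the same resolver sendmail uses, gives the answer lists to feed into `classify`.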