Configuring Anti-Spam in AIX 4.3.2


Contents

About this document
    Related documentation
Updating sendmail.cf
Notifying sendmail of the new configuration
Testing the relay

About this document

This document describes an added ruleset called Scheck_rcpt that checks the destination of the mail. If the mail needs to be relayed, the sender is checked against a list of valid hosts or domains. If the sending host is not listed or is not in a listed domain, the relay is denied with the following error message: 550 Relaying Denied.

This ruleset prevents unknown hosts from using a mail server as a relay to spam other sites. It will not prevent spam from being addressed to users on the mail host. It cannot be used to block all mail from a given site or domain because the mail server will still accept mail from anywhere, as long as it is addressed to any name/domain the mail server receives mail for. With sendmail 8.8, you can filter either on host names or domain names.

This document applies to AIX Version 4.3.2.

Related documentation

The product documentation library is also available at the following URL:
http://www.rs6000.ibm.com/resource/aix_resource/Pubs/index.html


Updating sendmail.cf

You need to update two sections in the sendmail.cf file.

  1. Add a line for ANTI-RELAY.

    1. Using your favorite editor, edit the following file:
              /etc/sendmail.cf
      

    2. Find two lines that read:
              # file containing names of hosts for which we receive email
              #Fw-o /etc/sendmail.cw
      
    3. Insert a blank line and add the following lines under it:
              #The following line has been added for ANTI-RELAY
              FR-o /etc/sendmail.cR
      

    The FR-o line loads class R from the file /etc/sendmail.cR, which contains a list of hosts or domains allowed to relay. Anyone not listed will receive a Relaying Denied message.

  2. Add the names of the hosts or domains to which you want to give relay permission to the /etc/sendmail.cR file.

    NOTE: Hosts or domain names must be listed in a column. For example:

                  entry1
                  entry2
                  entry3...
    

Adding a ruleset entry to sendmail.cf

The relay check itself is done by the ruleset entry at the very end of the sendmail.cf file. You can control relaying by host names or by domains. Pick the one you want to use and add the corresponding ruleset to the /etc/sendmail.cf file.

ATTENTION: The white space between the left-hand and right-hand sides of each rule must be tabs, not spaces. Cutting and pasting will change tabs to spaces, and this is the number one reason the rulesets fail to work.
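
A quick way to catch the tab problem after pasting a ruleset is to scan the file for rule lines that contain no tab at all. The script below is an added example, not part of the original document or of AIX; the function name check_rule_tabs is hypothetical.

```shell
#!/bin/sh
# Added example: report sendmail.cf rules whose tabs were lost in copy/paste.
# Usage: sh check_rule_tabs.sh /etc/sendmail.cf   (script name is hypothetical)

check_rule_tabs() {
    # An R line is "R<lhs> TAB <rhs> [TAB <comment>]"; sendmail splits the
    # fields on tabs only, so a rule without any tab has no right-hand side.
    awk '
        /^S/ { ruleset = substr($0, 2); sub(/[ \t]+$/, "", ruleset) }
        /^R/ && index($0, "\t") == 0 {
            printf "%s:%d: [%s] no tab in rule: %s\n", FILENAME, NR, ruleset, $0
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

if [ $# -gt 0 ]; then
    check_rule_tabs "$1"
fi
```

The function exits non-zero when any rule line is flagged, so it can gate the refresh step. It does not catch a rule that still has a tab before a trailing comment but spaces between its two sides.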

Relay using hostnames ruleset

Add the following exactly as it reads here to the end of the /etc/sendmail.cf file:

###  anti-spam stuff to prevent relaying based on host names: 
#LOCAL_RULESETS  
Scheck_rcpt 
# anything terminating locally is ok 
R$*                     $: $>Parse0 $>3 $1
R$+ < @ $* . > $*       $: $1 < @  $2 >
R$+ < @ $=w >           $@ OK
R$+ < @ $* $=R >        $@ OK
# anything originating locally is ok 
R$*                     $: $(dequote "" $&{client_name} $)
R$=w                    $@ OK
R$* $=R                 $@ OK
R$@                     $@ OK
# anything else is bogus 
R$*                     $#error $: "550 Relaying Denied"

Relay using domains ruleset

Add the following exactly as it reads here to the end of the /etc/sendmail.cf file:

###  anti-spam stuff to prevent relaying based on domain names.  
#LOCAL_RULESETS  
Scheck_rcpt 
# anything terminating locally is ok 
R$*                     $: $>Parse0 $>3 $1
R$+ < @ $* . > $*       $: $1 < @ $2 >
R$+ < @ $=w >           $@ OK
R$+ < @ $* $=R >        $@ OK
# anything originating locally is ok 
R$*                     $: $(dequote "" $&{client_name} $)
R$=w                    $@ OK
R$* $=R                 $@ OK
R$@                     $@ OK
# anything else is bogus 
R$*                     $#error $: "550 Relaying Denied"
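
The order in which the ruleset above accepts or rejects a recipient can be modelled in a few lines of shell. This is an added example, not IBM's code and not sendmail itself; the variables CW and CR and the function names are assumptions, with CW standing in for class w (the names the server receives mail for) and CR for /etc/sendmail.cR. It shows that a recipient domain listed in class R is accepted whoever the connecting client is, and that matching is on whole name components.

```shell
#!/bin/sh
# Added example: a model of the check_rcpt decision order, not sendmail itself.
# CW stands in for class w (local names), CR for /etc/sendmail.cR (class R).
CW=${CW:-/etc/sendmail.cw}
CR=${CR:-/etc/sendmail.cR}

# in_class NAME FILE MODE
#   exact  models "$=w":    NAME must equal an entry
#   suffix models "$* $=R": NAME equals an entry or ends in ".entry"
in_class() {
    [ -r "$2" ] || return 1
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d ' \t\r' | tr 'A-Z' 'a-z')
        [ -n "$entry" ] || continue
        [ "$1" = "$entry" ] && return 0
        if [ "$3" = suffix ]; then
            case $1 in *."$entry") return 0 ;; esac
        fi
    done < "$2"
    return 1
}

# relay_decision RCPT_HOST CLIENT_NAME: prints OK or the 550 text
relay_decision() {
    rcpt=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    rcpt=${rcpt%.}                      # the ruleset strips a trailing dot
    client=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # recipient is local, or is in a listed relay host/domain
    if in_class "$rcpt" "$CW" exact || in_class "$rcpt" "$CR" suffix; then
        echo OK; return 0
    fi
    # connecting client is local, or is in a listed relay host/domain
    if in_class "$client" "$CW" exact || in_class "$client" "$CR" suffix; then
        echo OK; return 0
    fi
    # empty client name: the message did not arrive over SMTP
    if [ -z "$client" ]; then echo OK; return 0; fi
    echo "550 Relaying Denied"; return 1
}

if [ $# -eq 2 ]; then
    relay_decision "$1" "$2"
fi
```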

Notifying sendmail of the new configuration

Finally, after making all the changes to the /etc/sendmail.cf file, you must tell sendmail that it has a new configuration. Enter:

           refresh -s sendmail

The following message should display:

           0513-095 The request for subsystem refresh was completed successfully.

If you do not see this message, check to make sure sendmail is active. Enter:

           lssrc -s sendmail

If sendmail is running, the following status displays:

             Subsystem         Group            PID     Status 
             sendmail          mail             5424    active

If it is not active, start sendmail by issuing the following command:

            startsrc -s sendmail -a "-bd -q30m"

Testing the relay

To test the relay, remove your domain from the /etc/sendmail.cR file and then telnet to port 25 on that machine, which is the port sendmail listens on. For example:

# tn venus 25 
Trying... 
Connected to venus.austin.ibm.com. 
Escape character is '^T'. 
220 venus.austin.ibm.com ESMTP Sendmail AIX4.3/UCB 8.8.8; Tue, 30 Mar 1999 18:47:01 -0600
helo carter 
250 venus.austin.ibm.com Hello carter.test.com [9.3.6.74], pleased to meet you 
mail from: joe@spam.mail.com 
250 joe@spam.mail.com... Sender ok 
rcpt to:bill@whitehouse.gov 
550 bill@whitehouse.gov... Relaying Denied 

If everything worked, you should get a message back that says Relaying Denied. After you have finished testing, add your domain back to the /etc/sendmail.cR file, so it relays only for your domain.




[ Doc Ref: 95626258821642     Publish Date: Jan. 12, 2001     4FAX Ref: 8559 ]