Preventing backscatter with sendmail

Paul Welsh paul.welsh.3 at googlemail.com
Wed Jan 21 14:05:05 GMT 2009 

> Date: Tue, 20 Jan 2009 16:33:41 +0100
> From: Glenn Steen <glenn.steen at gmail.com>
> Subject: Re: Preventing backscatter with sendmail
>
> Ok. You noticed that smf-sav does do recipient verification? And that
> you don't need do sender verification with it to have the recipient
> verification?
>

Hi Glenn

Actually I didn't notice, but I have now got scam-backscatter working.

One gotcha I found.  For anyone who uses it in conjunction with
milter-greylist then milter-greylist redefines one of the sendmail.mc
macros as:

define(`confMILTER_MACROS_ENVRCPT', `{greylist}')

but you'll need to change it to this for scam-backscatter to work:

define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host},
{rcpt_addr}, {greylist}')

For anyone who's interested here's how you install on Centos 5.2 with
sendmail 8.13 which is using the mailertable feature.  Apologies that
it's so detailed:

Ensure that sendmail-devel is installed:
yum install sendmail-devel

Download the source files from
http://www.elandsys.com/scam/scam-backscatter/ into a temp directory
and extract the file:
tar xzvf scamback-1.4.1.tar.gz

Change to the scamback directory
cd scamback

Copy Makefile.linux over Makefile:
cp -f Makefile.linux Makefile

To use sendmail 8.13+ and mailertable, edit Makefile and change the line:
CCFLAGS += -O2 -D_REENTRANT -DLINUX -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
To:
CCFLAGS += -O2 -D_REENTRANT -DLINUX -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
–DSM813 -DUSEMAILERTABLE

Make the application:
make

The compiled file is scam-back.  Copy this to /usr/local/sbin:
cp scam-back /usr/local/sbin/

Copy the sample configuration file to /etc/mail:
cp scam.conf /etc/mail/

Create a var/spool/scam directory:
mkdir /var/spool/scam

Create a scamback user:
adduser scamback

Ensure the scamback user has access to the /var/spool/scam directory:
chown -R scamback:scamback /var/spool/scam

Go to the sendmail directory:
cd /etc/mail

Edit sendmail.mc and add the following line above the line for greylist:
INPUT_MAIL_FILTER(`scam-back', `S=unix:/var/spool/scam/scam-back.sock,
F=T, T=S:240s;R:240s;E:5m')dnl

Change the following line:
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
to:
define(`confMILTER_MACROS_ENVRCPT', `{rcpt_mailer}, {rcpt_host},
{rcpt_addr}, {greylist}')

Edit scam.conf and comment out the following lines because the
mailertable is used instead:
#BackSMTPServer
#BackAddrDomain
#BackAddrDomain

Optionally, uncomment and change the following line so a temporary
error is returned if bctmail01 can't be contacted:
BackErrorTempfail:Yes

Make sendmail.cf:
make -C /etc/mail

To manually start scam-back as a demon:
scam-back -p unix:/var/spool/scam/scam-back.sock -u scamback –D

To manually kill scam-back:
kill `cat /var/spool/scam/scam-back.pid`

I created a milter-scamback script to automatically start and stop
scamback but I'm too embarassed to post it here!

More information about the MailScanner mailing list