[OT] How to avoid Backscatter in Sendmail

Wed Apr 21 15:45:05 IST 2010

disable relay_based_on_MX
Ken

On 4/21/2010 8:36 AM, Marcello Anderlini wrote:
> I beg your pardon but for this OT but I'm desperate, my system is
> blacklisted by Backscatterer.org and I'm trying to configure it to avoid
> backscatter.
> I'm following what suggest here:
> http://elqui.dcsc.utfsm.cl/util/email/backscatter.html
>
> I'm using sendmail-8.13.1-3.3.el4. on a CentOS release 4.8.
> I configured my access file to reject unknown recipients but my system still
> sends an email instead of rejecting it at smtp initial transaction.
>
> I would be very grateful for any kind of help anyone could give me.
>
> Best regards
>
>
> This is my sendmail.mc
>
> divert(-1)
> dnl This is the sendmail macro config file. If you make changes to this
> file,
> dnl you need the sendmail-cf rpm installed and then have to generate a
> dnl new /etc/sendmail.cf by running the following command:
> dnl
> dnl        m4 /etc/mail/sendmail.mc>  /etc/sendmail.cf
> dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')
> VERSIONID(`linux setup for Red Hat Linux')dnl
> OSTYPE(`linux')
> define(`confDEF_USER_ID',``8:12'')dnl
> undefine(`UUCP_RELAY')dnl
> undefine(`BITNET_RELAY')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl
> dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confBAD_RCPT_THROTTLE',`2')dnl
> dnl define(`confTO_QUEUEWARN', `4h')dnl
> dnl define(`confTO_QUEUERETURN', `5d')dnl
> dnl define(`confQUEUE_LA', `12')dnl
> dnl define(`confREFUSE_LA', `18')dnl
> dnl FEATURE(delay_checks)dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF>  -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(`enhdnsbl', `bl.spamcop.net', `"553 rejected - see
> http://spamcop.net/bl.shtml?"$&{client_addr}', `')dnl
> FEATURE(`enhdnsbl', `cbl.abuseat.org', `"553 rejected - see
> http://cbl.abuseat.org/lookup.cgi?"$&{client_addr}', `')dnl
> FEATURE(`enhdnsbl', `sbl-xbl.spamhaus.org', `"553 rejected - see
> http://www.spamhaus.org/query/bl?"$&{client_addr}', `')dnl
> FEATURE(`enhdnsbl', `clients.blocked.rbl', `"553 rejected - see
> http://www.database.it/bl.asp?"$&{client_addr}', `')dnl
> FEATURE(`enhdnsbl', `hosts.blocked.rbl', `"553 rejected - see
> http://www.database.itt/bl.asp?"$&{client_addr}', `')dnl
> EXPOSED_USER(`root')dnl
> dnl This changes sendmail to only listen on the loopback device 127.0.0.1
> dnl and not on any other network devices. Comment this out if you want
> dnl to accept email over the network.
> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
> dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
> dnl       a kernel patch
> dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
> dnl We strongly recommend to comment this one out if you want to protect
> dnl yourself from spam. However, the laptop and users on computers that do
> dnl not have 24x7 DNS do need this.
> dnl FEATURE(`accept_unresolvable_domains')dnl
> FEATURE(`relay_based_on_MX')dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> Cwlocalhost.localdomain
>
>
>
> Dr. Marcello Anderlini
> m.anderlini at database.it
> ---------------------------------------------
> Database Informatica S.r.l.
> Microsoft Certified Partner
> Tel.  +39059775070
> Fax. +39059779545
> http://www.database.it
> ---------------------------------------------
>
>

-- 
Ken Anderson
Pacific Internet - http://www.pacific.net