A patch for smap/TIS FWTK 2.1
There is no warranty or other guarantee of fitness of this software.
It is provided solely "as is". The author disclaims all
responsibility and liability with respect to this software's usage
or its effect upon hardware or computer systems.
Revisions:
25-Jul-99 Version 3.03 - Added check for multiple '@' and correction
                         for chop_domain to handle dot-quad addresses.
                         Patch provided by <felfert@to.com>
04-Jun-99 Version 3.02 - Added anti-! and anti-% features
26-May-98 Version 3.01 - Added patch to support a service name on the
                         smap command line. Provided by <3c9x5@altabates.com>
11-May-98 Version 3.00 - Added wildcard support for relay-domain option
                         NOTE: relay-domain arguments have changed!
15-Apr-98 Version 2.15 - Added check for DNS requirement in initResolv()
28-Mar-98 Version 2.14 - Skip spam checks for internal SMTP clients
25-Mar-98 Version 2.13 - Made empty sender check optional (RFC821)
05-Mar-98 Version 2.12 - Added check for empty sender address
25-Feb-98 Version 2.11 - Added error message for dropped spam
02-Dec-97 Version 2.10 - Added support for MAPS RBL.
10-Nov-97 Version 2.09 - Added support for multiple relay-domain lines.
07-Nov-97 Version 2.08 - Fixed core dump when relay-domain is not specified.
04-Nov-97 Version 2.07 - Added better handling of european domains and
                         added support for new top level domains.
07-Oct-97 Version 2.06 - Spam log message changed & smap-summ.sh fixed
                         to support new message.
06-Oct-97 Version 2.05 - Changed from MX to NS record to verify sender's
                         address.
02-Oct-97 Version 2.04 - Added DNS nameserver query to verify sender's
                         address.
01-Oct-97 Version 2.03 - Added support for multiple relay-domain entries.
                         Included spam-summ.sh by <kempster@monarch.rnb.com>
30-Sep-97 Version 2.02 - Removed mqueue subdirectory from the chrooted
                         environment.
18-Sep-97 Version 2.01 - Added relay-domain option
Description:
-
This patch provides protection for your site from spammers. For each message
received, the sender's email address and mail relay are verified against a
hash list of known spammers. If the sender's email address or mail relay
matches an entry in the hash list, a "550 sender ignored" message is sent
to the SMTP client and the message is ignored. A log message is also
issued:
Aug 27 19:01:59 hostname smap[7591]: spam ignored \
address=joe@spam.net host=m1.spam.net/10.0.0.1 (DB)
The current version of NoSpam! can be downloaded from:
http://www.sabernet.net/software/smap_nospam.tar.gz
Requirements:
-
This patch uses ndbm(3) for the hash routines. If your platform does not have
ndbm, pick up a copy of gdbm from ftp://prep.ai.mit.edu.
BIND version 4.9.4 or newer is required. The most current version of BIND
can be obtained from http://www.isc.org/bind.html
All TIS FWTK 2.0 patches should be installed *before* installing this patch.
Patches are available from ftp://ftp.tislabs.com/pub/firewalls/toolkit/patches2.0 and
http://www.fwtk.org.
File Listing:
-
Files included in this package:
nospam.html - This file
Makefile.diff - Makefile patch.
mkspamdb.c - Spam database maintenance tool
nospam.c - Spam verification routine for smap
smap.c.diff - smap.c patch
spam-summ.sh - Spam summary script
spam.list - Sample spam list
Tool Usage:
-
The mkspamdb tool builds, updates, and lists the contents of the spam list.
Usage: mkspamdb [-v|-l|-r] -f <filename> -d <db_name>
    -v              Verbose mode. Displays entries as they are added
                    to the list.
    -l              List mode. Dumps the hash list to stdout.
    -f <filename>   File to read spam entries from.
    -d <db_name>    Full pathname of the database to act on.
    -r              When combined with the -f option, removes spam
                    entries instead of adding them.
The input file may contain any of the following: IP addresses, domain names,
or email addresses. An example would be:
205.199.193
205.218.84
205.218.85
205.218.86
awgroup.com
babchurch.org
bealeader.com
@becsplace.com
betterways.net
bhoman.com
csource@mercury.af2.com
Data is read from the first non-whitespace character up to any whitespace
character. This allows you to use spam lists from a variety of sources
without modification.
When blocking spam from an entire site, the software breaks down domain names
into two or three units. For domains that end in .com, .edu, .net, .org,
.gov, .mil, .firm, .store, .web, .arts, .rec, .info, or .nom the last two
units of the domain name are used. For all others, the last three units are
used for comparison.
Examples:
judo.spam.net ==> spam.net
boomer.zspam.com.uk ==> zspam.com.uk
The same algorithm is used when sender verification is enabled (explained
below).
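The domain reduction described above, as an added C example (not the patch's own nospam.c code). The name chop_domain_example and its helpers are hypothetical, and leaving dot-quad addresses unchanged is an assumption about the Version 3.03 correction:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Top-level domains for which the text above keeps the last two units. */
static const char *const two_unit_tlds[] = {
    "com", "edu", "net", "org", "gov", "mil", "firm",
    "store", "web", "arts", "rec", "info", "nom", NULL
};

/* Case-insensitive string equality using only ISO C. */
static int same_label(const char *a, const char *b)
{
    for (; *a; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *b == '\0';
}

/* True if s consists only of digits and exactly three dots (assumption). */
static int is_dot_quad(const char *s)
{
    int dots = 0;
    for (; *s; s++) {
        if (*s == '.') dots++;
        else if (!isdigit((unsigned char)*s)) return 0;
    }
    return dots == 3;
}

/* Return a pointer into host at the start of the comparison key. */
const char *chop_domain_example(const char *host)
{
    const char *tld = strrchr(host, '.');
    const char *p;
    int keep = 3, i;

    if (tld == NULL || is_dot_quad(host))
        return host;                 /* single label or address: unchanged */
    for (i = 0; two_unit_tlds[i] != NULL; i++)
        if (same_label(tld + 1, two_unit_tlds[i]))
            keep = 2;
    /* Walk back from the end; stop at the dot that precedes `keep` units. */
    for (p = host + strlen(host); p > host; p--)
        if (p[-1] == '.' && --keep == 0)
            return p;
    return host;                     /* fewer units than `keep`: unchanged */
}

int main(void) { puts(chop_domain_example("boomer.zspam.com.uk")); return 0; }
```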
Netperm-table:
-
Smap is usually run from a chrooted environment. You will need to place the spam
database somewhere within that environment. The following is a sample
netperm-table configuration for smap and smapd:
# smap rules:
# -----------
smap, smapd: userid 60001
smap, smapd: directory /var/spool/smap
smapd: executable /usr/local/etc/smapd
smapd: sendmail /usr/lib/sendmail
smap: timeout 3600
smap: spam-database spamdb
smap: relay-domain your_domain.com *.your_domain.com 10.0.0.*
spam-database
After creating the spam database make sure that the permissions are set as
follows:
drwx------ 2 nobody other 512 Sep 30 20:39 ./
drwxr-xr-x 3 nobody other 512 Sep 30 21:08 ../
-rw------- 1 nobody other 4096 Sep 30 20:39 spamdb.dir
-rw------- 1 nobody other 32768 Sep 30 20:39 spamdb.pag
Otherwise a message such as the following will be logged:
Sep 30 21:08:00 hostname smap[3675]: error opening spam-database: spamdb
relay-domain
With the relay-domain option enabled, mail hosts that do not match a
relay-domain entry will receive the following message when they try to use
your mailer as a relay:
220 mailhost SMTP/smap Ready.
mail from: <joe@spam.net>
rcpt to: <mike@some.com>
571 mike@some.com... we do not relay
In order to deliver mail to user@your_domain.com and
user@machine.your_domain.com you will need to specify each of your
domain names twice as shown above.
Networks may be listed in addition to domain names.
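One way to evaluate the relay-domain line from the sample netperm-table, as an added C example rather than code from the patch. The names relay_allowed_example, wild_match and is_network_pattern are hypothetical, and it assumes that '*' matches any run of characters and that numeric patterns are compared with the client IP only:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive match; '*' in pat matches any run of characters. */
static int wild_match(const char *pat, const char *s)
{
    if (*pat == '\0') return *s == '\0';
    if (*pat == '*') {
        for (;; s++) {
            if (wild_match(pat + 1, s)) return 1;
            if (*s == '\0') return 0;
        }
    }
    if (tolower((unsigned char)*pat) != tolower((unsigned char)*s)) return 0;
    return wild_match(pat + 1, s + 1);
}

/* Assumption: a pattern of only digits, dots and '*' names a network. */
static int is_network_pattern(const char *pat)
{
    return pat[strspn(pat, "0123456789.*")] == '\0';
}

/* Return 1 if the client matches any pattern on the relay-domain line.
 * Network patterns see only the IP and name patterns only the host name,
 * because the host name comes from DNS outside your control. */
int relay_allowed_example(const char *line, const char *host, const char *ip)
{
    char pat[256];
    size_t n;
    for (line += strspn(line, " \t"); *line; line += strspn(line, " \t")) {
        n = strcspn(line, " \t");
        if (n < sizeof pat) {            /* over-long patterns are skipped */
            memcpy(pat, line, n);
            pat[n] = '\0';
            if (wild_match(pat, is_network_pattern(pat) ? ip : host))
                return 1;
        }
        line += n;
    }
    return 0;
}

int main(void)
{
    puts(relay_allowed_example("10.0.0.*", "unknown", "10.0.0.25") ? "relay" : "571");
    return 0;
}
```

Under these assumptions `*.your_domain.com` does not match the bare `your_domain.com`, which is why the sample lists both forms.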
According to RFC821 an empty MAIL FROM:<> is permissible. To disable the
check for an empty reverse-path, include the RFC821 option in your smap
netperm-table entries. (Thanks go to Al Blake for pointing this out)
Sender Verification:
-
Verification of the sender's email address can be turned on by
adding the following line to your netperm-table:
smap: nospam ns-required
When a sender's email address is received, a DNS lookup is performed
to verify that an NS record exists for the given domain. For example,
assume that 001232.com does not exist:
220 mailhost SMTP/smap Ready.
mail from: <spam@001232.com>
550 sender ignored: 001232.com does not have a name server record
This is useful if you receive lots of spam from nonexistent domains.
MAPS RBL Support:
-
Support for Paul Vixie's Mail Abuse Prevention System's Realtime Blackhole
List (MAPS RBL) was added in Version 2.10. This feature can be enabled
by adding the following line to your netperm-table:
smap: nospam maps-rbl
A DNS lookup is performed on the client's IP address. If the address exists
in the blackhole list, the following error message will be generated:
Aug 27 19:23:04 hostname smap[7602]: spam ignored \
address=mlm@some.com host=unknown/205.199.212.50 (MAPS RBL)
More information about the MAPS RBL can be found here:
- http://maps.vix.com/rbl/usage.html
Errata:
-
Version 2.14
All spam checks are now ignored for internal hosts if the
relay-domain option is set in the netperm-table. This allows
empty FROM: commands to be accepted for internal hosts only.
Bug Reports:
-
Please send bug reports to bugs@sabernet.net.