I am running three debian email servers and recently wanted to address spam coming in to them. One sever is sendmail version 8.14.4 the other two are 8.14.3. All three servers exhibit the same behavior.
I added milter-greylist to each of them, it works brilliantly, stopping better than 50% of incoming spam.
I then tried to install realtime dns blacklist checking using three popular free services with entries to my /etc/mail/sendmail.mc file.
Two of the services, bl.spamcop.net and dnsbl.sorbs.net cause sendmail to reject every single incoming message as observed in my /var/log/mail.log file.
The third black list service, zen.spamhaus.org when enabled, doesn't seem to do anything at all.
I have tried all sorts of combinations, disabling greylisting, inserting the ipv6 workaround ( define(`DNSBL_MAP'...), using the enhanced blacklist feature "enhdnsbl" and activating only one blacklist at a time. Each time recompiling my sendmail.mc file and restarting sendmail.
I cannot find any references to others that have had this behavior and I'm at a loss as how to troubleshoot it from here.
If anyone has any suggestions or comments, they are greatly appreciated.
My sendmail.mc follows at the end of this posting.
Thanks in advance,
John
Code:
#
# Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.14.4-4 2013-02-11 11:12:33 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl #
FEATURE(`virtusertable')dnl
FEATURE(`mailertable')dnl
dnl #
dnl # the following was added to make milter-greylist work, see its readme
dnl #
INPUT_MAIL_FILTER(`greylist',
`S=local:/var/run/milter-greylist/greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
dnl #
dnl # The following lines activate DNS based Black (HOLE) List testing on three different free services
dnl #
define(`DNSBL_MAP', `dns -R A')
dnl #
dnl #
FEATURE(`dnsbl', `dnsbl.sorbs.net', `"571 IP=" $&{client_addr} " -see http://www.sorbs.net/'")dnl
FEATURE(`enhdnsbl', `zen.spamhaus.org',`"571 IP=" $&{client_addr} " -see http://www.spamhaus.org/"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"571 IP=" $&{client_addr} " -see http://spamcop.net/bl.shtml?"')dnl
#
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl #
dnl # Masquerading options
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`mydomain.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
dnl # thatt's all folks
Hi all,
I have read about sendmail running as 2 separate process.
1 as a MSP, and the other as the real daemon or MTA.
In my current configuration,
the sendmail-client is disabled.
Both submit.cf and sendmail.cf are left as default untouch
I do not specified any mailhost... (3 Replies)
I am running SCO 5.0.6 and using sendmail 8.11.0 and having issues with smtp authentication. When trying to send mail the following message will kick back.
(reason: 530 5.7.1 Authentication required)
530 5.7.1 Authentication required
Not sure what needs to be tweeked in sendmail.cf but I... (1 Reply)
Greetings... i was wondering if there is any shell configuration
or third party application that enables the command history by pressing keyboard up arrow, like GNU/BASH does
or are there an SCO compatible bash versio to download?
where ?
just wondering
(sory my stinky english) (2 Replies)
