Preventing Spams and Relays
The mail proxy reads its configuration from a file (smtpd_check_rules) in the /etc directory, in our example, /home/smtpd/etc/smtpd_check_rules. Each line in the file beginning with a # is a comment. Blank lines are allowed. Rules have the following format (one line):
where XXX is the error message number. The first rule that matches will be taken and the check ended, so placement of rules should be done carefully.
The first field states the action to either allow an SMTP connection, deny the SMTP connection and close the session or noto which will return an error for the matching rule but will still continue for the session.
The second field is a list of IP addresses and/or host names to match the source SMTP connection. IP addresses may be specified with a netmask to include a whole network. The format of this is XX.XX.XX.XX/bits where bits is the netmask bits for the network. For instance, a network 192.168.0.0 with netmask 255.255.255.0 would be written as 192.168.0.0/24. A few special reserved identifiers that can be used are:
ALL: any IP address and host name
KNOWN: only IP and host names which are DNS resolvable
UNKNOWN: IP and host names which are not DNS resolvable
*: wild-card character
The third and fourth fields are used to match e-mail addresses and have the format user@host. The special word ALL can also be used in these fields.
The fifth field is optional and is used to return error messages from deny and noto to the SMTP client. The following special variables can be used to return information in the error messages:
%F: mail from address
%T: recipient address
%H: connecting host name
%I: connecting IP address
%U: user from the host
All three fields (SourceList, FromList and ToList) must be matched in order for action to be taken.
Listing 1 is an example of a set of rules that assumes the internal network is 10.0.0.0 and a mail hub is at 10.0.0.9. Note that noto_delay will pause for a certain amount of seconds before action is taken. This option was introduced to delay relayers and spammers and the parameters that control this timeout are set in the Makefile:
NOTO_DELAY = 60 DENY_DELAY = 60
A few other configurations can be done that I have not shown here, namely the NS= pattern-check and the use of the IDENT protocol for identifying users. Users who need a more detailed setup of this file should read the file smtpd_address_check.txt in the source directory. Examples for filtering spams and relays can be downloaded from Obtuse's FTP site.
After creating the configuration file, the running mail daemon must be stopped and replaced with smtpd/smtpfwdd. For Sendmail, this can be done by typing:
> ps ax | grep sendmail 24569 ? S 0:00 sendmail: accepting connections on port 25 > kill 24569
This will effectively shutdown the mail daemon. Now, check for queued mail that the daemon has not yet sent out by issuing the command:
/usr/lib/sendmail -bpIf the mail queue is not empty, flush the queue by typing:
/usr/lib/sendmail -qIf mail is still in the queue after awhile, this command can be resent at a later time so the installation of smtpd/smtpfwdd can continue. No new mail will be accepted while the mail daemon is down.
Start the smtpd daemon by issuing the command:
/usr/local/sbin/smtpd -c /home/smtpd -d /spool\ -u daemon -g daemon -D -L
The smtpd daemon will start accepting mail and spool it to the /home/smtpd/spool directory. The parameters on the command line are defined as follows:
-c /home/smtpd: the smtpd home directory
-d /spool: the directory where spooled mail should be stored
-u daemon -g daemon: user/group smtpd
-D: instruction to run as daemon and listen on the SMTP port
-L: instruction to suppress children in daemon mode from making an openlog call
/usr/local/sbin/smtpfwdd -d /home/smtpd/spool -u\ daemon -g daemonOnce it begins running, smtpfwdd will check the spool directory /home/smtpd/spool and starts processing the spooled mail by running the MTA, in this case Sendmail.
A good idea is to run the MTA in such a way that it periodically processes its mail queue and sends out any mail present. Note that we actually have two spool directories here: one used by smtpd and the other by sendmail (usually in /var/spool/mqueue). To run sendmail in non-daemon mode in order to process the queue every 15 minutes, type:
Once everything is running fine, edit your startup files to run smtpd/smtpfwdd by default instead of sendmail.
- Geek Guide: The DevOps Toolbox
- Download "The DevOps Toolbox: Tools and Technologies for Scale and Reliability"
- Nmap—Not Just for Evil!
- High-Availability Storage with HA-LVM
- Resurrecting the Armadillo
- DNSMasq, the Pint-Sized Super Dæmon!
- Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi
- Localhost DNS Cache
- March 2015 Issue of Linux Journal: System Administration
- Days Between Dates: the Counting