From: Anthony Howe
Date: 2005-04-19 04:32:30 -0400
Subject: Re: Sendmail Question.
More information..: http://www.milter.info/#Support
Ismael Perin wrote:
> Because the users with 3D<something>@mydomain.com be sent frequently to my
> real users. And too e-mails like this email@example.com be sent.
This is a constant problem. Consider looking at a grey-listing milter:
Or look into SPF or hash-cash.
milter-sender does not validate senders that claim to be from the
localhost. It was a early design choice, because a sendmail ruleset is
better for this.
You could try the Sendmail ruleset I've attached (take care of any line
wrapping and the need for tabs between left and right sides of the
rules). I've only just written this and its lightly tested. You should
test it very carefully before using it: real addresses, virtusertable
addresses, aliases, acounts without a shell (daemons), false users,
emails with subdomains or machine name, etc...
NOTE that this ruleset will NOT stop a spammer using a locally valid
address, in which case you should look into SPF and SMTP+AUTH.
One thing to avoid: remove all catch-all addresses from your
virtusertable. A catch-all address will just allow spammers to send mail
with any user name they want to the domain owner or handler of the
catch-all mailbox. Catch-all addresses are EVIL and any business that
thinks they should have one just to be sure not to lose a potentially
important mail is certainly welcome to all the spam they get, because of
> How to I enable only users listed on /etc/passwd and aliases to send emails?
SMTP+AUTH+STARTLS is the only sure way. Settting this up by hand from
the source is sufficiently complex (I know because I've done it). Please
see sendmail.org and/or comp.mail.sendmail about doing this. I recommend
using a prebuilt package or /usr/port that does most of the work for you.
Anthony C Howe +33 6 11 89 73 78
7116561 AIM: Sir Wumpus
"held in my arms / his sun washed face / eyes closed" - Anthony
-- Attached file included as plaintext by Ecartis --
-- File: islocalsender.mc
KhasShell user -vshell
KisAlias hash -m /etc/mail/aliases
# If the sender claims to be within a domain we handle, then
# is it a local user account with a shell from /bin, a virtual
# user mapping, or an alias. Reject if its none of the above.
R$* $: $>canonify $1
R$+ <@ $* $=w .> $: $1 <@ $2 $3 .> $(hasShell $1 $)
R$+ <@ $* $=w .> /bin $+ $@ OK
R$+ <@ $* $=w .> $* $: $1 <@ $2 $3 .> $(virtuser $1 @ $2 $3 $: .NOMATCH $)
R$+ <@ $* $=w .> .NOMATCH $: $1 <@ $2 $3 .> $(isAlias $1 $: .NOMATCH $)
R$+ <@ $* $=w .> .NOMATCH $#error $@ 5.7.1 $: "User unknown"
Copyright 2009, 2012 by SnertSoft. All rights reserved.