On 04/21/2014 03:15 PM, Alexander Dalloz wrote:
That's good. It would even be better to know what action has made it
stopping. Do you still see spammers trying to misused your Sendmail as
a relay? That would be something to be expected once the system got
identified as a misusable relay.
Actions I took:
1) http://barracudacentral.org has me blacklisted. Impossible for me
to remove my domain name from their blacklist because their BL
removal request website form simply hangs and timeout. I am
still using them and they are blocking spammers in the meantime.
2) I plugged the heartbleed issue by rebuilding OpenSSL RPM Source
file and it passed the check tool.
3) Cleaned up sendmail.mc and for all appearances *seems* to be
working both with dnsbl + access database. MC list is appended
below.
4) I am adding spammers to the access database and so far I received
one spammer so it appears that access database is working. I have
over 50k records built from various access list from the Internet and
my tedious manual entries from 10+ years ago to present.
5) Knocking on wood, crossing my fingers that I won't get blown out of
water.
my sendmail.mc: (If you don't mind, please feel free to comment!)
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /etc/pki/tls/certs usage
dnl #
define(`CERT_DIR', `/etc/pki/tls/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl
define(`confCRL', `CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl
dnl ###
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confCONNECTION_RATE_THROTTLE', `2')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confLOG_LEVEL', `9')dnl
define(`confMAX_DAEMON_CHILDREN', `30')dnl
define(`confMAX_HOP', `35')dnl
define(`confMAXRCPTSPERMESSAGE', `50')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name},
{if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher},
{cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
define(`confQUEUE_LA', `5')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_IDENT', `0')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EXPOSED_USER(`root')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl FEATURE(`authinfo',`hash /etc/mail/authinfo.db')dnl
FEATURE(always_add_domain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(delay_checks)dnl
FEATURE(`dnsbl', `b.barracudacentral.org', `"Rejected
["$&{client_addr}"] by barracudacentral.org"')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `"Rejected
["$&{client_addr}"] by spamhaus.org"')dnl
FEATURE(`dnsbl', `dnsbl.sorbs.net', `"Rejected
["$&{client_addr}"] by dnsbl.sorbs.net"')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Rejected
["$&{client_addr}"] by spamcop.net"', `t')dnl
FEATURE(`dnsbl', `relays.ordb.org' `"Rejected
["$&{client_addr}"] by relays.ordb.org"')dnl
dnl FEATURE(`dnsbl', `relays.osirusoft.com', `"Rejected
["$&{client_addr}"] by relays.osirusoft.com"')dnl
FEATURE(`generics_entire_domain')dnl
dnl FEATURE(`greet_pause', `3000')dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(redirect)dnl
dnl FEATURE(`relay_based_on_MX')dnl
FEATURE(relay_hosts_only)dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`require_rdns')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(use_ct_file)dnl
FEATURE(use_cw_file)dnl
FEATURE(`virtuser_entire_domain')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
LOCAL_DOMAIN(`myEmailServer.com')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
