Dave Robbins <dave(_at_)magic(_dot_)geol(_dot_)ucsb(_dot_)edu> writes:
> I've just been notified that my users are being spammed by someone
> sending mail to
> Undisclosed(_dot_)Recipients(_at_)magic(_dot_)geol(_dot_)ucsb(_dot_)edu (my
> server).
>
> Rather than get all of our users to add the sender to their killfile,
> is there a way to delete the spam and return EXITCODE 77 to the spammer
> with either sendmail (8.9.3) or procmail (3.11pre4)? Procmail is my
> local mailer but I've never heard of a system-wide .procmailrc --
> probably wouldn't be kosher.

To quote the procmail(1) manpage's second paragraph:

    If no rcfiles and no -p have been specified on the command
    line, procmail will, prior to reading $HOME/.procmailrc,
    interpret commands from /etc/procmailrc (if present). Care
    must be taken when creating /etc/procmailrc, because, if
    circumstances permit, it will be executed with root
    privileges (contrary to the $HOME/.procmailrc file of
    course).

So a system-wide .procmailrc (namely, /etc/procmailrc) _is_ kosher. In
fact, it's a great tool for eliminating non-kosher e-mail products such
as spam. (Feel free to boo.)
Anyway, to have the spammer get the error when they try this you'll
have to do it in sendmail, as by the time procmail sees it, sendmail
has accepted it and the bounces will just end up in the "postmaster"
mailbox on your machine.
Here's the .cf stuff I hook into the check_mail ruleset on the machines
I manage. It doesn't accept messages whose envelope sender is a
nonexistent local account (this is usually a misconfigured mail client
around here, but it also catches spam and would catch your problem
mailer):

# user map: -m = match only, -a<> = append "<>" to a successful lookup
Kusers_ok user -m -a<>

SLocal_check_mail
# check for deferred delivery mode
R$*			$: < ${deliveryMode} > $1
R< d > $*		$#OK
R$*			$: <?> $>ParseRecipient $1	strip relayable hosts
# classify the sender: local host, null sender, or remote
R<?> $+ < @ $=w >	$: <LOCAL> $1
R<?> <@>		$@ mailer-daemon
R<?> $+ < @ $* >	$@ not-local
R<$-> $*		$: <?> $2
R<?> $+ + $*		$: <?> $1			strip +detail
# accept if the name is in the user map or the aliases map, else reject
R<?> $+			$: < $(users_ok $1 $: ? $) > $1
R<?> $+			$: < $(aliases $1 $: ? $) > $1
R<?> $*			$#error $@ NOUSER $: "Invalid envelope sender"

The ruleset is named "Local_check_mail" as that's the hook defined by
the M4 config file generation tools that come with the open source
version of sendmail. I don't know whether the Solaris default
sendmail.cf has a hook on the check_mail script for local additions, or
what they name it, so you may need to tweak the above to match that or
to allow other particular addresses through, but it should give you
ideas.
Philip Guenther
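
The decision flow of the Local_check_mail rules above, modelled in Python as an added example (not part of the original message and not sendmail's own code). The host name, user list and alias list are constructed stand-ins for class $=w, the users_ok map and the aliases map.

```python
# Model of the accept/reject logic in the Local_check_mail ruleset.
# All data below is constructed for illustration.
LOCAL_HOSTS = {"magic.example.edu", "localhost"}  # stands in for class $=w
USERS = {"dave", "root"}                          # stands in for the users_ok map
ALIASES = {"postmaster", "mailer-daemon"}         # stands in for the aliases map


def check_mail(envelope_sender, delivery_mode="b"):
    """Return (accepted, reason) for a MAIL FROM address."""
    # Deferred delivery mode: accept without doing any map lookups.
    if delivery_mode == "d":
        return True, "deferred mode"

    addr = envelope_sender.strip().strip("<>").strip()
    if not addr:
        # Null sender <> is used for bounces and must be accepted.
        return True, "mailer-daemon"

    local, sep, host = addr.rpartition("@")
    if not sep:
        local = addr                      # unqualified name: treated as local
    elif host.lower().rstrip(".") not in LOCAL_HOSTS:
        return True, "not-local"          # remote senders are not checked here

    user = local.split("+", 1)[0]         # strip +detail
    if user in USERS or user in ALIASES:
        return True, "known local sender"
    return False, "Invalid envelope sender"


if __name__ == "__main__":
    samples = [  # constructed envelope senders
        "<Undisclosed.Recipients@magic.example.edu>",
        "<dave+lists@magic.example.edu>",
        "<someone@elsewhere.example>",
        "<>",
    ]
    for s in samples:
        print(s, check_mail(s))
```

Only a sender that claims a local host and is in neither map is refused; remote and null senders pass through untouched.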