On Fri, 3 Sep 2004, Meng Weng Wong wrote:
| 2. SPF records are optional. This is crazy. Maybe for now, but again, by
perhaps we can say "after X date, in the absence of an SPF
record, we will assume a/24 mx/24 ptr -all"
Better yet, in the meantime, I have implemented a "neutral list". This is
a list of (possibly wildcarded) domains from which we will refuse mail
that gets SPF neutral - whether from a published SPF record or the best
guess default. For instance, aol.com and hotmail.com are on that list.
If I get a lot of spam from a domain with SPF neutral, I don't want to
blacklist them completely - because they might be getting joe-jobbed. So
I add them to the neutral blacklist. That way, if they ever send me legit
mail from a server remotely associated with the domain - I'll get it.
I also have a DNS blacklist for spammers with SPF pass (including best guess)
too, of course. Some might be interested in my sendmail HACK for a rhsbl. It
is used like this:
FEATURE(rhsbl,`blackholes.example.com',"550 Rejected: " $&{RHS} " has been
spamming Example Corp. customers.")dnl
Install in /usr/share/sendmail-cf/hack - or thereabouts depending on OS:
divert(-1)
#
# Copyright (c) 2002 Derek J. Balling
# All rights reserved.
#
# Permission to use granted for all purposes. If modifications are made
# they are requested to be sent to <dredd(_at_)megacity(_dot_)org> for
inclusion in future
# versions
#
# Allows (hopefully) for checking of access.db whitelisting now.
# Modified for and tested on sendmail-8.12.10 and sendmail-8.13.1
# by Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
#
# Incorporates many changes by Sergey S. Mokryshev <mokr(_at_)mokr(_dot_)net>
#
#
divert(0)
ifdef(`_RHSBL_R_',`dnl',`dnl
VERSIONID(`$Id: rhsbl.m4,v 2.2 2004/08/30 21:52:04 stuart Exp $')
define(`_RHSBL_R_',`')
ifdef(`_DNSBL_R_',`dnl',`dnl
LOCAL_CONFIG
# map for DNS based blacklist lookups based on the sender RHS
Kdnsbl host -T<TMP>')')
divert(-1)
define(`_RHSBL_SRV_', `_ARG_')dnl
define(`_RHSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{RHS} "
refused by blackhole site '_RHSBL_SRV_`"',`_ARG2_')')dnl
define(`_RHSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of
" $`'&{RHS} " at '_RHSBL_SRV_`"',`_ARG3_')')dnl
MAILER_DEFINITIONS
SLocal_check_mail
# DNS based RHS spam list blackholes.example.com
R$* $: <?> $>CanonAddr $1
R<?> $*<@$+.> $: <?> $1<@$2.> $| $>SearchList <+ rhs> $|
<F:$1(_at_)$2> <D:$2> <>
R<?> $* $| <$={Accept}> $: OKSOFAR
R<?> $*<@$+.> $| $* $: <?> $(dnsbl $2._RHSBL_SRV_. $: OK $) $(macro {RHS}
$@ $2 $)
R<?> OK $: OKSOFAR
R<?> $*<@$*> $: OKSOFAR
ifelse(len(X`'_ARG3_),`1',
`R<?>$+<TMP> $: TMPOK',
`R<?>$+<TMP> $#error $@ 4.7.1 $: _RHSBL_MSG_TMP_')
R<?>$+ $#error $@ 5.7.1 $: _RHSBL_MSG_
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.