Re: Sendmail Configuration

[Bob McClure Jr <robertmcclure earthlink net>]

On Tue, Jun 04, 2002 at 04:57:16PM +0800, Wilmar Guday wrote:
> Hi All,
> 
> I want to block some domain (ip addresses) in my sendmail server

Assuming you have

FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl

in the .mc file that generated your /etc/sendmail.cf, and that you
have specified in your /etc/mail/access the address range that you
allow to relay, you can block an address or address block this way:

# non-routable addresses shown for example
# whole network to exclude
192.168.5		REJECT
# single address
10.50.34.167	REJECT

When you make changes to /etc/mail/access, be sure to either remake
the /etc/mail/access.db

 cd /etc/mail;make access.db

or restart sendmail

 /etc/init.d/sendmail restart

> and also
> remove attachments with EXE, COM, VBS, and PIF extensions automatically upon
> reciept of email.

I don't strip attachments, but I quarantine such mail using this,
gleaned from the sendmail newsgroup

--------8< snip ----------------
From: Jorey Bump <devnull joreybump com>
Subject: Re: procmail
Newsgroups: comp.mail.sendmail
Date: Sun, 17 Mar 2002 17:51:25 GMT

Heinz wrote:
> I want procmail to remove attachments with certain file extensions like
> .exe, .pif or .scr. What to do?

You can put this in your home .procmailrc:
# First check header for multipart
:0 H
* ^Content-Type: multipart
# check body for executable filenames
{
  :0 B
  * name=.*\.(exe|bat|pif|com|lnk|scr|vbs)(")?(\ *|\t*)$
    # If found, quarantine (or delete)
    {
     :0:
     $HOME/mail/Quarantine
     # or use /dev/null instead, to delete message
     # /dev/null
    }
}

Or you can put this in /etc/procmailrc to process mail for all local
users, if procmail is your local mailer:

# First check header for multipart
:0 H
* ^Content-Type: multipart
# check body for executable filenames
{
  :0 B
  * name=.*\.(exe|bat|pif|com|lnk|scr|vbs)(")?(\ *|\t*)$
    # If found, quarantine (or delete)
    {
     # Procmail will create mbox if it doesn't exist, and append
     # If it's a directory, mail will be saved individually
     :0
     /var/spool/quarantine
     # /dev/null
    }
}

There might be extra brackets, because I edited out some other
stuff. This doesn't actually remove attachments, but puts the messages
that contain them in a place where they can be inspected safely before
deleting (or just send them to /dev/null).

The global recipe works well for me. If you create
/var/spool/quarantine with mkdir, each message will be saved
individually within it, which may be helpful if you have other
users. If you don't create it, procmail will create an mbox, and
append all the messages to that file. If you choose that approach, you
should add a lockfile (change :0 to :0: before it).

It's caught every M$ executable virus sent to my machine, so far.
--------8< snip ----------------

Everything I catch in my Quarantine box is (currently) the Klez
virus.  I've encouraged my local ISP to set up such a global procmail
filter, but they are afraid of such a draconian measure.  As far as
I'm concerned, anyone who wants to send a .exe or such can WinZip it
and send it as a .zip file.

> How can I do this?
> 
> TIA/Wilmar

Cheers,
-- 
Bob McClure, Jr.            | "Surely you can't be serious."
Bobcat Open Systems, Inc.   | "I am serious, and stop calling me Shirley."
robertmcclure earthlink net |        -- "Airplane"