could dnswl.m4 sendmail hack be a security concern?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: could dnswl.m4 sendmail hack be a security concern?
- From: Paul Pruett <ppruett_(_at_)_webengr_(_dot_)_com>
- Date: Sat, 27 Nov 2004 01:44:25 +0000 (GMT)
- Organization: Cocoa Village Publishing - www.cocoavillage.us
After turkey meal and after the kids settled down I
decided I needed to do a whitelist against the sendmail
rbl lists I was using in addition to spamd with pf...
(yeah .. If I had afore realized how much fun sed was
changing CIDR format to zone I would not have started... ;)
I seem to be having some luck with HACK dnswl.m4
and my own dns based whitelist and auto blacklist from poison
email addresses I scripted to update every 10 minutes...
It's blocking about 12 mesg to every 200 mesg blocked by spamhaus and
140 by spamcop.net ...
THAT SAID.... I thought I'd better ask the list if there is some lurking
security reason to not use this sendmail addon
feature/hack that I googled. (for openbsd 3.5 through current)
I attached a copy to this email and cat at end of this email.
This dnswl.m4 seems to have been floating around the internet as a
way to make sendmail use a dns whitelist, much like the FEATURE enhdnsbl or
dnsbl does.
If it really is a good idea and safe... maybe it could someday end up
in the tree at /usr/share/sendmail/hack/dnswl.m4
If not safe, then I need to rethink...
TIA ----
notes... for others who may be struggling down the same path....
If dnswl.m4 is put in the folder /usr/share/sendmail/hack/
and then you use m4 from the /usr/share/sendmail/cf
folder to make your own my-sendmail.cf
( head /usr/share/sendmail/cf/Makefile)
and IF you include something like this in your my-sendmail.mc
before any dnsbl or enhdnsbl FEATURES....
HACK(`dnswl', `whitelist.somedomainhere.com')dnl
Then it seems to be working okay with openbsd 3.5 and 3.6 for the last
day and a half...
(provided you maintain your own or found a whitelist to reference)
I had set up my own to try after despairing at the anew holiday
flooding of email by a**hole spammers using their spare time
to flood anew and I googled info for sendmail dns whitelist-
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/325.html
http://www.hansenonline.net/Networking/bind-spam.html
I also have some very crude bourne shell scripts crontabed to take
my whitelist and relaydb generated blacklists that were too aggressive
for spamd with pf and using sed
and sort to make a blacklist and whitelist zone for the
bind named server... so it's sort of working automated like
so far and it is really fun to tail maillog and see it work...
(btw, it was not as straightforward as I thought to reverse
those octets and change /16 /24 notations to zones... boy
was I rusty at my string manipulation scripting and syntaxes)
----
cat dnswl.m4
#
divert(0)
VERSIONID(`$Id: dnswl.m4,v 1.0 2002/12/01 Exp $')
divert(8)
# DNS based IP address whitelist _ARG_
R$*			$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1._ARG_. $: NotFound $)
R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._ARG_. $: NotFound $)
R<?>NotFound		$: OKSOFAR
R<?>$+			$@ <OK>
divert(-1)
(NOTE THAT those are to be tab spacing for the ruleset, not regular
space, if you have done sendmail rules - you will know why....)
#
# Jon Lewis <jlewis_(_at_)_lewis_(_dot_)_org>
#
# experimental dnswl m4
#
divert(0)
VERSIONID(`$Id: dnswl.m4,v 1.0 2002/12/01 Exp $')
divert(8)
# DNS based IP address whitelist _ARG_
R$*			$: $&{client_addr}
R::ffff:$-.$-.$-.$-	$: <?> $(host $4.$3.$2.$1._ARG_. $: NotFound $)
R$-.$-.$-.$-		$: <?> $(host $4.$3.$2.$1._ARG_. $: NotFound $)
R<?>NotFound		$: OKSOFAR
R<?>$+			$@ <OK>
divert(-1)
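
Added example (not part of the original post or of dnswl.m4): the octet reversal and /16, /24 conversion mentioned in the notes above, as one sh/awk function that emits names relative to the whitelist zone so they match the `$4.$3.$2.$1._ARG_.` key the ruleset looks up. The input format, the function names and the 127.0.0.2 answer value are assumptions; because the ruleset treats any answer as a whitelist hit, a wildcard record exempts the whole block from the later dnsbl checks.

```shell
#!/bin/sh
# Added example: build whitelist zone records for the lookup dnswl.m4 makes
# (d.c.b.a.<zone> for client a.b.c.d). Input format is an assumption.
ANSWER=127.0.0.2   # assumed answer value; the ruleset accepts any answer

cidr_to_zone() {
    awk -v ans="$ANSWER" '
    function bad(why) {
        printf "line %d skipped (%s)\n", NR, why > "/dev/stderr"
    }
    {
        sub(/#.*/, "")                  # strip comments
        gsub(/[ \t\r]/, "")             # strip whitespace
        if ($0 == "") next
        n = split($0, part, "/")
        if (n > 2) { bad("syntax"); next }
        len = (n == 2) ? part[2] : "32"
        if (len !~ /^(16|24|32)$/) { bad("unsupported prefix"); next }
        if (split(part[1], o, ".") != 4) { bad("not a dotted quad"); next }
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) { bad("bad octet"); next }
        keep = len / 8                  # network octets that stay literal
        name = (keep < 4) ? "*" : ""    # wildcard label covers the host part
        for (i = keep; i >= 1; i--) {   # reversed octet order, as in the rule
            sep = (name == "") ? "" : "."
            oct = o[i] + 0              # normalises leading zeros
            name = name sep oct
        }
        print name " IN A " ans
    }' | LC_ALL=C sort -u
}

# Constructed sample input (documentation and private address ranges).
sample_input() {
    cat <<'EOF'
192.0.2.17
198.51.100.0/24   # whole /24
10.20.0.0/16
10.0.0.0/12       # rejected: not /16, /24 or /32
EOF
}

sample_input | cidr_to_zone
```

Malformed or unsupported lines are reported on stderr and left out of the zone, so a typo in the input cannot silently widen the whitelist.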