sendmail access.db by example
Wed, 02/06/2008 - 00:02 — sandip
The sendmail access database file can be created to accept or reject mail from selected domains.
Sendmail reads the compiled map rather than the text file, so after creating or editing "/etc/mail/access", use makemap to build the database map "/etc/mail/access.db".
# makemap hash /etc/mail/access.db < /etc/mail/access
Below is what my access file currently looks like and can be used as a starting point. All internal addresses have been changed except for spammers!!
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY

# Allow Connect from local server IPs
Connect:207.44.206.144 OK

# Accept Mail
# accept mail from PayPal
paypal.com OK

# Reject Mail
posterclub@e.allposters.com REJECT
posterclub@email.allposters.com REJECT
plastmarket.com REJECT
jr@jrtr.org REJECT
7b2.606@fe01.atl2.webusenet.com REJECT
mysoldpad.com REJECT

# Discard Mail
1and1-private-registration.com DISCARD
# forum admin mails:
fictionaluser@gmail.com DISCARD

# Reject full mailbox
fictionaluser@linuxweblog.com ERROR:4.2.2:450 mailbox full
fictionaluser@linuxweblog.net REJECT

# Blacklist recipients
linuxweblog.net ERROR:550 That host does not accept mail

# Spam friend domains: exempt domains from dnsbl list checking
Spam:linuxweblog.org FRIEND

# Spam friend users: exempt email users from dnsbl list checking
# example:
# Spam:user@domain.tld FRIEND
# clients
Spam:fictionalclient@hotmail.com FRIEND

# Auto REJECT via hourly cron added below
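A pre-flight check to run before makemap, as an added example that is not part of the original post: makemap takes the first whitespace-separated word as the key and stores the rest as the value, so a key broken by a stray space or a mistyped action is built into access.db without any error. The names lint_access and sample_access, the sample entries and the list of accepted actions are assumptions; keys with tags other than Connect:, From:, To: and Spam: are skipped.

```shell
#!/bin/sh
# lint_access: read an access-map source on stdin, print one finding per
# suspicious entry, return non-zero if anything was found.
lint_access() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    # other tag classes (TLS, rate limits, ...) use different values: skip
    $1 ~ /^[A-Za-z_]+:/ && $1 !~ /^(Connect|From|To|Spam):/ { next }
    NF < 2 { bad("key \"" $1 "\" has no action"); next }
    {
        key = $1; act = $2
        if (act ~ /^(OK|RELAY|REJECT|DISCARD|SKIP)$/) {
            if (NF > 2) bad("unexpected text after " act)
        } else if (act ~ /^(FRIEND|HATER)$/) {
            # FRIEND/HATER only make sense on Spam: keys
            if (key !~ /^Spam:/) bad(act " used without a Spam: key")
        } else if (act ~ /^ERROR:/) {
            # ERROR:### text  or  ERROR:D.S.N:### text
            if (act !~ /^ERROR:([245]\.[0-9]+\.[0-9]+:)?[45][0-9][0-9]$/)
                bad("malformed error code \"" act "\"")
        } else if (act !~ /^[45][0-9][0-9]$/ && act !~ /^QUARANTINE:/) {
            # the tail of a key split by a stray space ends up here
            bad("unknown action \"" act "\" (key split by whitespace?)")
        }
    }
    END { exit rc + 0 }
    '
}

# Constructed sample input (not a real access file).
sample_access() {
    cat <<'EOF'
# constructed sample
localhost RELAY
Connect:192.0.2.10 OK
spam-example.c om REJECT
user@example.net ERROR:4.2.2:450 mailbox full
example.org ERROR:550 That host does not accept mail
Spam:example.com FRIEND
friend.example FRIEND
bulk.example DISCARD
oops.example REJCT
EOF
}

# Stand-alone run: lint the sample and show the findings.
sample_access | lint_access || true
```

On a real server the check gates the rebuild: `lint_access < /etc/mail/access && makemap hash /etc/mail/access.db < /etc/mail/access`.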
STARTTLS: CRLFile missing (RESOLVED)
Fri, 10/19/2007 - 10:20 — sandip
When starting sendmail, I would get the below message:
Oct 18 23:59:01 srv02 sendmail[20857]: alias database /etc/aliases rebuilt by root
Oct 18 23:59:01 srv02 sendmail[20857]: /etc/aliases: 79 aliases, longest 22 bytes, 860 bytes total
Oct 18 23:59:01 srv02 sendmail[20862]: starting daemon (8.13.1): SMTP+queueing@01:00:00
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS: CRLFile missing
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Oct 18 23:59:01 srv02 sendmail[20862]: STARTTLS=server, init=1
Oct 18 23:59:01 srv02 sendmail[20862]: started as: /usr/sbin/sendmail -bd -q1h
Oct 18 23:59:01 srv02 sm-msp-queue[20872]: starting daemon (8.13.1): queueing@01:00:00
Sendmail still runs without the CRL file and only complains that it is missing. A quick way to include it in the sendmail configuration is to download revoke.crl from cacert.org, add the option below to sendmail.mc and rebuild the sendmail configuration file as shown below.
Download revoke.crl:
# cd /usr/share/ssl/certs
# wget http://www.cacert.org/revoke.crl
Add the below line to "/etc/mail/sendmail.mc" just below the "confSERVER_KEY":
define(`confCRL', `/usr/share/ssl/certs/revoke.crl')
Rebuild sendmail conf by running make:
# cd /etc/mail
# make
Check sendmail.cf with the revoke.crl listed as below:
O CRLFile=/usr/share/ssl/certs/revoke.crl
Now restarting sendmail should not complain about the missing Certificate Revocation List (CRL) File.
Sendmail config regeneration
Wed, 11/08/2006 - 15:09 — sandip
Regenerate sendmail config:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Regenerate access file:
# makemap hash /etc/mail/access.db < /etc/mail/access
Generate new aliases:
# newaliases
Reducing Spam with milter-greylist
Fri, 10/27/2006 - 08:55 — sandip
milter-greylist is a sendmail milter which implements the greylist filtering method, as proposed by Evan Harris.
Greylisting works by assuming that, unlike a legitimate MTA, spam engines will not retry sending their junk mail after a temporary error. The filter always rejects mail temporarily on the first attempt, then accepts it after some time has elapsed.
Greylisting therefore works very well in combination with DNS-based blacklisting: by the time of the second attempt, the spammer would have been listed in several real-time distributed blacklists, which effectively reduces spam.
Below is an outline of quickly building and installing the greylist milter and configuring sendmail to use the milter. This was done on a RHEL3 box.
Check mail server for open relay
Wed, 10/18/2006 - 16:10 — sandip
If you are new to setting up a mail server, be careful not to accidentally open your server and relay mail...
One very simple way of testing it is to run:
$ telnet relay-test.mail-abuse.org
This will attempt to connect back to your machine and run a series of mail relaying tests against it. The success or failure will be printed at the end.
You may need to turn off the firewall temporarily during the test or allow outgoing connections through the firewall.