summaryrefslogtreecommitdiff
path: root/share/smtpd/example.antispam
blob: 30e70ea3784a734927961c0e4d9e5cb8db4db9ef (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#	$OpenBSD: example.antispam,v 1.2 2001/02/03 08:23:45 niklas Exp $

# example antispam file. Modify to suit your needs.
#
# This file goes in /var/spool/smtpd/etc/smtpd_check_rules
# once you have modified it appropriately for your site.
#
# This example does two things: 1, it prevents unauthorized relaying, 
# 2), it blocks incoming SPAM from the major SPAM domains. To keep
# an eye on the current worst offenders, check out http://spam.abuse.net/
#
# If you really dislike SPAM, you can try compiling with NOTO_DELAY
# set to some (relatively small) value, and changing the "noto" rules
# in this file to "noto_delay" rules. 
# 
# This file assumes that our domains are "mydomain.com" and "otherdomain.com".
# assumes our dns servers are "dns1.mydomain.com", etc. etc. 
# you will need to edit this file for your own use. 

# First, allow us to relay outgoing mail from our hosts.
allow:*mydomain.com *otherdomain.com:ALL:ALL

# don't allow people to use %hack to relay off of me.
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# First, the exceptions.
# "I'll have your spam dear, I love it!"
#
# The people below have requested that all mail be let through to them
# with no filtering for SPAM, and we accomodate them here.
#
allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com


# Block any connections from host in the MAPS rbl at rbl.maps.vix.com
# Beware that this can throw the baby out with the bathwater.
# this one line will mimic the usual sendmail behaviour when using the MAPS RBL
noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/

# Block any connections from a host or connecting address who uses a
# nameserver for which the address is in the MAPS rbl at rbl.maps.vix.com.
# Note that this can *really* throw the baby out with the bathwater, 
# be sure you understand the implications before using the two below.
#noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/
#noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/


# block anyone who uses a major SPAM provider as a nameserver or MX. either
# on a connection from one of their hosts, a connection from a host they act
# as a nameserver for, or a connection with a FROM: address that uses 
# a nameserver or MX from a them. As an example, we use the old cyberpromo
# netblocks below. You should not use a rule such as below unless you are
# sure the netblock *currently* belongs to a spamhaus.   
#cyberpromo.com
#noto:205.199.212.0/24 205.199.2.0/24 207.124.161.0/24 204.137.221.0/24:ALL:ALL
#noto:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL
#noto:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL:ALL



# dump things with a bogus rhs to a FROM: addresses. usually spammers
# This drops any message where the FROM: address is given as 
# anything@bogus, where "bogus" is
# 1) not resolvable as a hostname.
# 2) not resolvable as an NS or MX record
# In other words, this basically tosses anything that gives a FROM address
# in the smtp dialogue that you would probably have no hope of replying
# to via smtp. 

# You can may wish to use a 450 (which invites the sender to retry)
# rather than a 550 that won't in order not to lose real mail that has
# no resolution due to temporary DNS problems. However be warned that
# if you do lots of SPAM may get retried a lot. I've had varying
# success with using 450 depending on how busy the site is.
noto:ALL:NS=UNKNOWN:ALL:550 Your FROM address (%F) doesn't seem to resolve to a host, domain, or MX record. Please mail to %T from a valid e-mail address.

# dump bozos with all digit addresses. almost always spammers.
noto:ALL:/^[0-9]+@.*$/:ALL

##############################################
# otherwise, allow untrusted connections with mail to anywhere we MX
# this should do it nicely:
allow:ALL:ALL:NS=dns*.mydomain.com
# An alternative is to allow by domain, below. 
allow:ALL:ALL:*mydomain.com *otherdomain.com

##############################################
# don't relay mail to other places from other connections, so
# we don't get used as a spam relay
noto:ALL:ALL:ALL:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.