Archive for March, 2008

Anti-Spam Techniques: DNSBL in Sendmail

Sunday, March 30th, 2008

This topic is nothing new as there are many tutorials out there covering it, but I figured I’d write a post for the hell of it. If you use Sendmail as your MTA and get vast amounts of spam you can try using DNSBL to cut the amount you receive by rejecting them at the point of connection. This helps save on your bandwidth consumption by not accepting the full message and then sorting it later as spam or ham. I’ve had DNSBL implemented for quite some time and also use it in conjunction with MailScanner and Spamassassin to block and filter the thousands of junk messages my server is bombarded with daily. The amount of spam has been reduced significantly.

I don’t happen to know what versions of Sendmail started to include DNSBL as a feature, but if you have anything from version 8.12 or higher then you shouldn’t have any problems enabling DNSBL in the sendmail.mc file. For those of you using an older version of Sendmail, the dnsbl-milter project may be of interest to you.

To start using DNSBL, open your sendmail.mc file in a text editor.

[root@linux ~]# cd /etc/mail
[root@linux mail]# nano sendmail.mc

You’ll need to acquire your list of DNSBL servers you want to use, but here is an example of a few that I use. You can add these lines to the end of your sendmail.mc file.

FEATURE(`dnsbl', `bl.spamcop.net', `"Rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `Rejected - see http://www.spamhaus.org/')dnl
FEATURE(`dnsbl', `dnsbl.sorbs.net', `Rejected - see http://www.sorbs.net/')dnl

I use SpamCop, Spamhaus, and SORBS to block most of the junk mail hitting my server. After you’ve added your changes, save your sendmail.mc file and rebuild it.

[root@linux mail]# make -C /etc/mail
make: Entering directory `/etc/mail'
make: Leaving directory `/etc/mail'
[root@linux mail]#

Sendmail should automatically read in the changes, so you won’t need to restart it. To verify that Sendmail DNSBL is working, check your maillog and look for lines like these.

[root@linux mail]# tail -n 100 /var/log/maillog
...
Mar 30 22:59:04 linux sendmail[7702]: ruleset=check_relay, arg1=72-249-20-190.adsl.terra.cl, arg2=127.0.0.11, relay=72-249-20-190.adsl.terra.cl [190.20.249.72], reject=553 5.3.0 Rejected - see http://www.spamhaus.org/
Mar 30 23:02:20 linux sendmail[7781]: ruleset=check_relay, arg1=[58.87.60.104], arg2=127.0.0.2, relay=nat1.hyundai.net [58.87.60.104] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?58.87.60.104
Mar 30 23:04:33 linux sendmail[7808]: ruleset=check_relay, arg1=[200.78.212.70], arg2=127.0.0.2, relay=na-200-78-212-70.na.avantel.net.mx [200.78.212.70] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?200.78.212.70
Mar 30 23:04:40 linux sendmail[7809]: ruleset=check_relay, arg1=[61.108.132.122], arg2=127.0.0.2, relay=[61.108.132.122], reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?61.108.132.122
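
To turn check_relay lines like these into a per-blocklist tally, here is an added example (not code from the original post). The sample log is constructed in the same format with documentation-range addresses, the function names are hypothetical, and reading arg2 as the 127.0.0.x answer returned by the list is an assumption based on the lines above.

```python
import re
from collections import Counter

# Zone for each reject-message host, from the FEATURE(`dnsbl') lines above.
ZONE_BY_HOST = {"spamcop.net": "bl.spamcop.net",
                "spamhaus.org": "zen.spamhaus.org",
                "sorbs.net": "dnsbl.sorbs.net"}

REJECT_RE = re.compile(
    r"ruleset=check_relay, arg1=\S+, arg2=(?P<arg2>\S+), "
    r"relay=.*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*?"
    r"reject=\d{3} \S+ (?P<text>.*)$")

# Constructed sample in the maillog format shown above; the addresses are
# documentation ranges, not hosts from the original log.
SAMPLE_LOG = """\
Mar 30 22:59:04 linux sendmail[7702]: ruleset=check_relay, arg1=host.example.net, arg2=127.0.0.11, relay=host.example.net [192.0.2.72], reject=553 5.3.0 Rejected - see http://www.spamhaus.org/
Mar 30 23:02:20 linux sendmail[7781]: ruleset=check_relay, arg1=[198.51.100.104], arg2=127.0.0.2, relay=nat1.example.org [198.51.100.104] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?198.51.100.104
Mar 30 23:04:40 linux sendmail[7809]: ruleset=check_relay, arg1=[203.0.113.122], arg2=127.0.0.2, relay=[203.0.113.122], reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?203.0.113.122
Mar 30 23:05:01 linux sendmail[7810]: m2V351ab007810: from=<a@example.com>, size=1200, nrcpts=1, relay=mail.example.com [192.0.2.10]
"""

def dnsbl_query_name(ip, zone):
    """Name looked up in a DNSBL: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def parse_rejects(log_text):
    """Return one record per check_relay rejection in log_text."""
    records = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # ordinary delivery line or another ruleset
        zone = next((z for host, z in ZONE_BY_HOST.items()
                     if host in m["text"]), None)
        query = dnsbl_query_name(m["ip"], zone) if zone else None
        # Assumption: arg2 is the 127.0.0.x answer the list returned.
        records.append({"ip": m["ip"], "answer": m["arg2"],
                        "zone": zone, "query": query})
    return records

def rejects_per_zone(records):
    """Count rejections per blocklist zone."""
    return Counter(r["zone"] for r in records)

if __name__ == "__main__":
    recs = parse_rejects(SAMPLE_LOG)
    for r in recs:
        print(f'{r["ip"]:<16} {r["answer"]:<11} {r["query"]}')
    print(dict(rejects_per_zone(recs)))
```
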

For a list of DNSBL servers you can use this site as a reference: http://spamlinks.net/filter-dnsbl-lists.htm

Other Sources for DNSBL in Sendmail:
Sendmail Configuration (8.11.6 specific)
DNSBL: Configuring Sendmail for DNS-Based Blacklisting

DNSBL for Other MTAs:
HOWTO - Using DNS Block Lists (DNSBLs) (Exim)
How To Block Spam Before It Enters The Server (Postfix)
Protecting Qmail from known spam sources

Excluding Packages from Yum Updates

Sunday, March 30th, 2008

There may be times when you may need to exclude packages from yum updates — e.g. package conflicts, etc. I always like to give an example of why I would do this or that, so for an example pertaining to excluding packages it’s as simple as something is installed and the RPMs of that conflict with the RPMs yum wants to install and yum won’t install them because it doesn’t want to break the system. This in turn can keep unrelated packages from installing and then it can become one big mess. Did that run-on sentence make any sense? Ok, this is it in action…

[root@linux ~]# yum update
fedora                    100% |=========================| 2.1 kB    00:00
primary.sqlite.bz2        100% |=========================| 3.8 MB    00:03
updates                   100% |=========================| 2.3 kB    00:00
primary.sqlite.bz2        100% |=========================| 2.4 MB    00:02
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package perl.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-libs.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-ExtUtils-MakeMaker.i386 0:6.30-28.fc7 set to be updated
---> Package perl-CPAN.i386 0:1.76_02-28.fc7 set to be updated
---> Package perl-ExtUtils-Embed.i386 0:1.26-28.fc7 set to be updated
---> Package perl-Test-Simple.i386 0:0.62-28.fc7 set to be updated
---> Package perl-devel.i386 4:5.8.8-28.fc7 set to be updated
---> Package perl-Test-Harness.i386 0:2.56-28.fc7 set to be updated
filelists.sqlite.bz2      100% |=========================| 6.4 MB    00:05
filelists.sqlite.bz2      100% |=========================| 5.3 MB    00:04
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 perl                    i386       4:5.8.8-28.fc7   updates            10 M
 perl-CPAN               i386       1.76_02-28.fc7   updates           127 k
 perl-ExtUtils-Embed     i386       1.26-28.fc7      updates            34 k
 perl-ExtUtils-MakeMaker  i386       6.30-28.fc7      updates           288 k
 perl-Test-Harness       i386       2.56-28.fc7      updates            78 k
 perl-Test-Simple        i386       0.62-28.fc7      updates           109 k
 perl-devel              i386       4:5.8.8-28.fc7   updates           384 k
 perl-libs               i386       4:5.8.8-28.fc7   updates           567 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       8 Package(s)
Remove       0 Package(s)

Total download size: 12 M
Is this ok [y/N]: y
Downloading Packages:
(1/8): perl-Test-Harness- 100% |=========================|  78 kB    00:00
(2/8): perl-devel-5.8.8-2 100% |=========================| 384 kB    00:00
(3/8): perl-Test-Simple-0 100% |=========================| 109 kB    00:00
(4/8): perl-ExtUtils-Embe 100% |=========================|  34 kB    00:00
(5/8): perl-CPAN-1.76_02- 100% |=========================| 127 kB    00:00
(6/8): perl-ExtUtils-Make 100% |=========================| 288 kB    00:00
(7/8): perl-libs-5.8.8-28 100% |=========================| 567 kB    00:00
(8/8): perl-5.8.8-28.fc7. 100% |=========================|  10 MB    00:09
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test

Transaction Check Error:
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/MIME/Base64/Base64.so from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/share/man/man3/MIME::Base64.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/share/man/man3/MIME::QuotedPrint.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-MIME-Base64-3.07-1
  file /usr/lib/perl5/5.8.8/Getopt/Long.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/lib/perl5/5.8.8/newgetopt.pl from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/share/man/man3/Getopt::Long.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Getopt-Long-2.36-1
  file /usr/lib/perl5/5.8.8/Math/BigFloat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt/Calc.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigInt/CalcEmu.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigFloat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt::Calc.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/share/man/man3/Math::BigInt::CalcEmu.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigInt-1.86-1
  file /usr/lib/perl5/5.8.8/Math/BigRat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigRat-0.19-1
  file /usr/share/man/man3/Math::BigRat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Math-BigRat-0.19-1
  file /usr/lib/perl5/5.8.8/bigint.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/bignum.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/bigrat.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bigint.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bignum.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/share/man/man3/bigrat.3pm.gz from install of perl-5.8.8-28.fc7 conflicts with file from package perl-bignum-0.21-1
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Sys/Syslog.pm from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Sys-Syslog-0.18-1
  file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so from install of perl-5.8.8-28.fc7 conflicts with file from package perl-Sys-Syslog-0.18-1

Error Summary
-------------

[root@linux ~]#

I ran a yum update and a bunch of perl updates crapped out. MailScanner is the only application I installed that loaded a series of perl RPM dependencies, so it’s safe to assume that MailScanner is the culprit. With that said, I’ll get to the point of this post. If you have a similar problem with yum updates failing, you can exclude those updates.

For Red Hat-based systems (Fedora & CentOS), you’ll want to edit the updates repository file.

[root@linux ~]# cd /etc/yum.repos.d/
[root@linux yum.repos.d]# ls
fedora-development.repo  fedora.repo  fedora-updates.repo  fedora-updates-testing.repo
[root@linux yum.repos.d]# nano fedora-updates.repo

On my Fedora 7 system, the file I want to edit is fedora-updates.repo (your file name may be different depending on the distro and release you’re using).

In the updates section, add an exclude line like in the example below. I’m excluding all updates that begin with the word perl (note the wildcard *). To exclude more than one set, enter each package name on the same line and separate them with a space.

[updates]
name=Fedora $releasever - $basearch - Updates
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
exclude=perl*

Now if I run the yum update, all packages beginning with “perl” should be excluded.

[root@linux yum.repos.d]# yum update
updates                   100% |=========================| 2.3 kB    00:00
Excluding Packages from Fedora 7 - i386 - Updates
Finished
Setting up Update Process
No Packages marked for Update
[root@linux yum.repos.d]#

Now we’re cool. If you didn’t know how to exclude packages from yum updates, well now you know.
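
A glob like `perl*` holds back every matching package, including any later security fixes for them from that repository, so it helps to see exactly what an exclude line catches. The following is an added example, not part of the original post. The function names are hypothetical, `openssl` and `kernel` are constructed names added to the list, and matching package names with case-sensitive shell globs is a simplifying assumption about yum's behaviour.

```python
import configparser
from fnmatch import fnmatchcase

# The [updates] stanza from the post, with the exclude line added.
REPO_TEXT = """\
[updates]
name=Fedora $releasever - $basearch - Updates
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
exclude=perl*
"""

# Package names from the yum transaction above, plus two constructed
# non-perl names (openssl, kernel) to show what still gets through.
PENDING = ["perl", "perl-libs", "perl-CPAN", "perl-devel",
           "perl-Test-Simple", "openssl", "kernel"]

def exclude_patterns(repo_text, section):
    """Return the space-separated exclude globs of one repo section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(repo_text)
    return cp.get(section, "exclude", fallback="").split()

def split_updates(pending, patterns):
    """Partition pending package names into (held_back, allowed).

    Assumption: names are matched with case-sensitive shell globs.
    """
    held = [p for p in pending if any(fnmatchcase(p, g) for g in patterns)]
    allowed = [p for p in pending if p not in held]
    return held, allowed

if __name__ == "__main__":
    globs = exclude_patterns(REPO_TEXT, "updates")
    held, allowed = split_updates(PENDING, globs)
    print("exclude globs:", globs)
    print("held back:   ", held)
    print("still updated:", allowed)
```
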