Anti-Spam Techniques: DNSBL in Sendmail

Tony — Mon, 31 Mar 2008 03:27:04 +0000

This topic is nothing new as there are many tutorials out there covering it, but I figured I’d write a post for the hell of it. If you use Sendmail as your MTA and get vast amounts of spam you can try using DNSBL to cut the amount you receive by rejecting them at the point of connection. This helps save on your bandwidth consumption by not accepting the full message and then sorting it later as spam or ham. I’ve had DNSBL implemented for quite some time and also use it in conjunction with MailScanner and Spamassassin to block and filter the thousands of junk messages my server is bombarded with daily. The amount of spam has been reduced significantly.

I don’t happen to know what versions of Sendmail started to include DNSBL as a feature, but if you have anything from version 8.12 or higher then you shouldn’t have any problems enabling DNSBL in the sendmail.mc file. For those of you using an older version of Sendmail, the dnsbl-milter project may be of interest to you.

To start using DNSBL, open your sendmail.mc file in a text editor.

[root@linux ~]# cd /etc/mail
[root@linux mail]# nano sendmail.mc

You’ll need to acquire your list of DNSBL servers you want to use, but here is an example of a few that I use. You can add these files to the end of your sendmail.mc file.

FEATURE(`dnsbl', `bl.spamcop.net', `"Rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `Rejected - see http://www.spamhaus.org/')dnl
FEATURE(`dnsbl', `dnsbl.sorbs.net', `Rejected - see http://www.sorbs.net/')dnl

I use SpamCop, Spamhaus, and SORBS to block most of the junk mail hitting my server. After you’ve added your changes, save your sendmail.mc file and rebuild it.

[root@linux mail]# make -C /etc/mail
make: Entering directory `/etc/mail'
make: Leaving directory `/etc/mail'
[root@linux mail]#

Sendmail should automatically read in the changes therefore you won’t need to restart it. To verify that Sendmail DNSBL is working, check your maillog and look for lines like these.

[root@linux mail]# tail -n 100 /var/log/maillog
...
Mar 30 22:59:04 linux sendmail[7702]: ruleset=check_relay, arg1=72-249-20-190.adsl.terra.cl, arg2=127.0.0.11, relay=72-249-20-190.adsl.terra.cl [190.20.249.72], reject=553 5.3.0 Rejected - see http://www.spamhaus.org/
Mar 30 23:02:20 linux sendmail[7781]: ruleset=check_relay, arg1=[58.87.60.104], arg2=127.0.0.2, relay=nat1.hyundai.net [58.87.60.104] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?58.87.60.104
Mar 30 23:04:33 linux sendmail[7808]: ruleset=check_relay, arg1=[200.78.212.70], arg2=127.0.0.2, relay=na-200-78-212-70.na.avantel.net.mx [200.78.212.70] (may be forged), reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?200.78.212.70
Mar 30 23:04:40 linux sendmail[7809]: ruleset=check_relay, arg1=[61.108.132.122], arg2=127.0.0.2, relay=[61.108.132.122], reject=553 5.3.0 Rejected - see http://spamcop.net/bl.shtml?61.108.132.122

For a list of DNSBL servers you can use this site as a reference: http://spamlinks.net/filter-dnsbl-lists.htm

Other Sources for DNSBL in Sendmail:
Sendmail Configuration (8.11.6 specific)
DNSBL: Configuring Sendmail for DNS-Based Blacklisting

DNSBL for Other MTA’s:
HOWTO – Using DNS Block Lists (DNSBLs) (Exim)
How To Block Spam Before It Enters The Server (Postfix)
Protecting Qmail from known spam sources

Tony Bhimani's Blog » MTA

Anti-Spam Techniques: DNSBL in Sendmail