#
# example smtpd_check_rules file. If you compiled smtpd with
# CHECK_ADDRESS=1, this file goes in etc/smtpd_check_rules in your
# smtpd chroot directory. This DOES NOT GET USED unless you compile
# with CHECK_ADDRESS=1.
#
# example antispam file. Modify to suit your needs.
# This example assumes NS_MATCH and USE_REGEX were both set to 1 when
# smtpd was built, to allow for matching by nameserver, and using
# regular expressions.
#
# This example does two things: 1) it prevents unauthorized relaying,
# 2) it blocks incoming SPAM from the major SPAM domains. To keep
# an eye on the current worst offenders, check out http://spam.abuse.net/
#
# If you really dislike SPAM, you can try compiling with NOTO_DELAY
# set to some (relatively small) value, and changing the "noto" rules
# in this file to "noto_delay" rules.
#
# This file assumes that our domains are "mydomain.com" and "otherdomain.com".
# It assumes our DNS servers are "dns1.mydomain.com", etc.
# You will need to edit this file for your own use.
# First, allow us to relay outgoing mail from our hosts. If we have
# JUNIPER_SUPPORT, we'd probably do it like this:
#allow:TRUSTED:ALL:ALL
# otherwise, we'd do it like this:
allow:*mydomain.com *otherdomain.com:ALL:ALL
# don't allow people to use %hack to relay off of me.
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
# First, the exceptions.
# "I'll have your spam dear, I love it!"
#
# These people love spam. They love Spamford Wallace.
# They have requested that all mail be let through to them with no
# filtering for SPAM, and we accommodate them here.
#
allow:ALL:ALL:ALL@hormel.mydomain.com spamboy@otherdomain.com
# Block any connections from hosts in the MAPS RBL at rbl.maps.vix.com
# Beware that this can throw the baby out with the bathwater.
noto:RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//maps.vix.com/rbl/
# Block any connections from a host or connecting address that uses a
# nameserver whose address is in the MAPS RBL at rbl.maps.vix.com.
# Note that this can *really* throw the baby out with the bathwater,
# be sure you understand the implications before using the two below.
noto:NS=RBL.rbl.maps.vix.com:ALL:ALL:550 Mail refused due to nameserver for %H(%I) in MAPS RBL, see http%C//maps.vix.com/rbl/
noto:ALL:NS=RBL.rbl.maps.vix.com:ALL:550 Mail refused due to nameserver for %F in MAPS RBL, see http%C//maps.vix.com/rbl/
# Block anyone who uses a major SPAM provider as a nameserver or MX, whether
# on a connection from one of their hosts, a connection from a host they act
# as a nameserver for, or a connection with a FROM: address that uses
# a nameserver or MX from them.
#cyberpromo.com
noto:205.199.212.0/24 205.199.2.0/24 207.124.161.0/24 204.137.221.0/24:ALL:ALL
noto:ALL:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL
noto:NS=205.199.212.0/24 NS=205.199.2.0/24 NS=207.124.161.0/24 NS=204.137.221.0/24:ALL:ALL
#erosnet
noto:205.82.252.0/24 205.134.162.2 205.134.162.209 205.134.190.4:ALL:ALL
noto:ALL:NS=205.82.252.0/24 NS=205.134.162.2 NS=205.134.162.209 NS=205.134.190.4:ALL
noto:NS=205.82.252.0/24 NS=205.134.162.2 NS=205.134.162.209 NS=205.134.190.4:ALL:ALL
#prime data worldnet systems
noto:ALL:NS=207.15.68.253 NS=207.15.68.251:ALL
noto:NS=207.15.68.253 NS=207.15.68.251:ALL:ALL
#nancynet
noto:205.199.4.0/24:ALL:ALL
noto:ALL:NS=205.199.4.0/24:ALL
noto:NS=205.199.4.0/24:ALL:ALL
# quantcom.com, iemmc
noto:204.213.176.0/24:ALL:ALL
noto:ALL:NS=204.213.176.0/24:ALL
noto:NS=204.213.176.0/24:ALL:ALL
# gatewayfin.com, globalfn.com - "Global Financial Services"
noto:ALL:NS=206.31.38.79 NS=204.137.161.89:ALL
noto:NS=206.31.38.79 NS=204.137.161.89:ALL:ALL
#mailermachine.com
noto:208.144.211.131/25:ALL:ALL
noto:ALL:NS=208.144.211.131/25:ALL
noto:NS=208.144.211.131/25:ALL:ALL
#all-domains.net
noto:204.157.168.0/24:ALL:ALL
noto:NS=204.157.168.0/24:ALL:ALL
noto:ALL:NS=204.157.168.0/24:ALL
#onlinebiz.net - another agis spamhaus from the look of it
noto:205.164.68.0/24:ALL:ALL
noto:NS=205.164.68.0/24:ALL:ALL
noto:ALL:NS=205.164.68.0/24:ALL
#llv.com - login las vegas - yaash (yet another agis spamhaus)
noto:205.254.164.0/24:ALL:ALL
noto:ALL:NS=205.254.164.0/24:ALL
noto:NS=205.254.164.0/24:ALL:ALL
#cscent.net - yaash
noto:206.85.231.0/24:ALL:ALL
noto:NS=206.85.231.0/24:ALL:ALL
noto:ALL:NS=206.85.231.0/24:ALL
#tnlb.com - "the national letter bureau" and "mako marketing" - yeesh..
noto:206.101.40.0/24 206.101.58.0/24 208.230.127.0/24:ALL:ALL
noto:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL:ALL
noto:ALL:NS=206.101.40.0/24 NS=206.101.58.0/24 NS=208.230.127.0/24:ALL
#c-flash.net - yaash
noto:205.199.166.0/24:ALL:ALL
noto:NS=205.199.166.0/24:ALL:ALL
noto:ALL:NS=205.199.166.0/24:ALL
#directsend.com - Former Nancynet customer, now yaash
noto:206.84.21.0/24 207.201.213.0/24:ALL:ALL
noto:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL:ALL
noto:ALL:NS=206.84.21.0/24 NS=207.201.213.0/24:ALL
noto:206.84.21.0/24:ALL:ALL
noto:NS=206.84.21.0/24:ALL:ALL
noto:ALL:NS=206.84.21.0/24:ALL
#we-deliver.net - yaash
noto:206.62.151.0/24:ALL:ALL
noto:NS=206.62.151.0/24:ALL:ALL
noto:ALL:NS=206.62.151.0/24:ALL
#savoynet.com - yaash
noto:204.157.255.0/24:ALL:ALL
noto:NS=204.157.255.0/24:ALL:ALL
noto:ALL:NS=204.157.255.0/24:ALL
#taizen.com - "grandbikes.com" and other spammers. No response to complaints.
noto:208.219.218.0/24:ALL:ALL
noto:NS=208.219.218.0/24:ALL:ALL
noto:ALL:NS=208.219.218.0/24:ALL
#edgetone.com and cyberserverscentral.com
noto:208.223.114.0/24 208.223.112.0/24 204.178.73.192/25:ALL:ALL
noto:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL:ALL
noto:ALL:NS=208.223.114.0/24 NS=208.223.112.0/24 NS=204.178.73.192/25:ALL
#icsinc.net and money-group.net
noto:151.201.64.0/24:ALL:ALL
noto:NS=151.201.64.0/24:ALL:ALL
noto:ALL:NS=151.201.64.0/24:ALL
#gil.net and firstgear.com
noto:207.100.79.0/24:ALL:ALL
noto:NS=207.100.79.0/24:ALL:ALL
noto:ALL:NS=207.100.79.0/24:ALL
#ultramax.net and friends
noto:207.201.213.0/24:ALL:ALL
noto:NS=207.201.213.0/24:ALL:ALL
noto:ALL:NS=207.201.213.0/24:ALL
#t-1net.com
noto:208.21.213.0/24:ALL:ALL
noto:NS=208.21.213.0/24:ALL:ALL
noto:ALL:NS=208.21.213.0/24:ALL
#ezmoney.com and pals
noto:204.212.245.0/24:ALL:ALL
noto:NS=204.212.245.0/24:ALL:ALL
noto:ALL:NS=204.212.245.0/24:ALL
#mail-response, hitrus, etc.
noto:209.136.134.0/24:ALL:ALL
noto:NS=209.136.134.0/24:ALL:ALL
noto:ALL:NS=209.136.134.0/24:ALL
#nevwest - the next generation, via ACSI.
noto:209.12.111.0/23:ALL:ALL
noto:NS=209.12.111.0/23:ALL:ALL
noto:ALL:NS=209.12.111.0/23:ALL
#gtwinc, gmds.com - spamhaus
noto:207.201.213.0/24 206.98.109.0/24:ALL:ALL
noto:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL:ALL
noto:ALL:NS=207.201.213.0/24 NS=206.98.109.0/24:ALL
#goplay.com, mpx.com - many, many spams
noto:199.74.206.0/24:ALL:ALL
noto:NS=199.74.206.0/24:ALL:ALL
noto:ALL:NS=199.74.206.0/24:ALL
#silkspin.com spamhaus
noto:151.196.90.0/24 151.196.69.0/24:ALL:ALL
noto:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL:ALL
noto:ALL:NS=151.196.90.0/24 NS=151.196.69.0/24:ALL
#uplinkpro.com
noto:206.30.95.0/24:ALL:ALL
noto:NS=206.30.95.0/24:ALL:ALL
noto:ALL:NS=206.30.95.0/24:ALL
#excite.com mailexcite.com
noto:198.3.102.0/24 198.3.98.0/24:ALL:ALL
noto:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL:ALL
noto:ALL:NS=198.3.102.0/24 NS=198.3.98.0/24:ALL
# Dump things with a bogus RHS in the FROM: address. Usually spammers.
# This drops any message where the FROM: address is given as
# anything@bogus, where "bogus" is
# 1) not resolvable as a hostname.
# 2) not resolvable as an NS or MX record
# In other words, this basically tosses anything that gives a FROM address
# in the smtp dialogue that you would probably have no hope of replying
# to via smtp.
# You can use a 450 (which invites the sender to retry) rather than a 550
# (which doesn't), so as not to lose real mail that fails to resolve due to
# temporary DNS problems. However, be warned that if you do, lots of
# SPAM may get retried a lot. I've had varying success with using 450
# depending on how busy the site is.
noto:ALL:NS=UNKNOWN:ALL:550 Your FROM address (%F) doesn't seem to resolve to a host, domain, or MX record. Please mail to %T from a valid e-mail address.
# Dump bozos with all-digit addresses. Usually spammers.
noto:ALL:/^[0-9]+@.*$/:ALL
##############################################
# Otherwise, allow untrusted connections with mail to anywhere we MX.
# This should do it nicely:
allow:ALL:ALL:NS=dns*.mydomain.com
# An alternative is to allow by domain, below
allow:ALL:ALL:*mydomain.com *otherdomain.com
##############################################
# Don't relay mail to other places from other connections, so
# we don't get used as a spam relay.
noto:ALL:ALL:ALL:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
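#
# Added example (Python, not part of the smtpd distribution): a small model of
# how a reduced copy of the rules above decides a session. It assumes rules are
# tried in file order and the first match decides; parse(), matches() and
# decide() are names made up for this illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed subset of the rules in this file. NS=, RBL and CIDR patterns are
# omitted (they need DNS and address arithmetic); reply texts are shortened.
RULES = """\
allow:*mydomain.com *otherdomain.com:ALL:ALL
noto:ALL:ALL:*%*@*:551 no relaying
noto:ALL:ALL:*!*@*:551 no relaying
noto:ALL:ALL:*@*@*:551 no relaying
noto:ALL:/^[0-9]+@.*$/:ALL
allow:ALL:ALL:*mydomain.com *otherdomain.com
noto:ALL:ALL:ALL:551 no relaying
"""

def parse(text):
    """Split 'action:source:from:to[:message]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 4)
        if len(parts) < 4:
            raise ValueError("rule needs source, from and to fields: " + line)
        message = parts[4] if len(parts) == 5 else ""
        rules.append((parts[0], *(p.split() for p in parts[1:4]), message))
    return rules

def matches(patterns, value):
    """True if any space-separated pattern matches (ALL, /regex/ or glob)."""
    value = value.lower()
    for pat in patterns:
        if pat == "ALL":
            return True
        if len(pat) > 2 and pat[0] == pat[-1] == "/":
            if re.search(pat[1:-1], value):
                return True
        elif fnmatchcase(value, pat.lower()):
            return True
    return False

def decide(rules, host, mail_from, rcpt_to):
    """Assumed semantics: rules are tried in file order, first match decides."""
    for action, src, frm, to, message in rules:
        if matches(src, host) and matches(frm, mail_from) and matches(to, rcpt_to):
            return action, message
    return "nomatch", ""
```

# With the three source-route rules removed from this model, the constructed
# recipient victim%example.org@mydomain.com from an outside host falls through
# to the allow-by-domain rule, which is the relay path those rules close.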