A.P. Lawrence Home Page
A.P. Lawrence Home
Information and Resources for Unix and Linux Systems

Search FAQ Newest Articles Contact Info Articles Books Find a Consultant Site Map RSS Feeds

Sign up for PayPal and start accepting credit card payments instantly.


Printer Friendly Version
Please read this disclaimer
Default text size - Smaller text size

Best of CUSM: mmdf relays


What is this stuff?

Main Index

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From: dowagiac_2000@yahoo.com (Matt Lewis)
Subject: Howto Configure MMDF for inbound and outbound relay control authhosts
Date: 18 Oct 2002 19:16:59 -0700

Installing Anti-Relay for MMDF SCO OpenServer 5.0.x
                                      August 30, 2002

Premise:  
Probably this action is being taken for one of two reasons. 
a. Client is being sent unsolicited email to the point of server
failure or extreme slowness
b. Client has had their domain-name / ip address blacklisted by one or
many of the various real time black hole DNS list servers.

Solution:
a. Close the clients open relay by applying an auth-hosts list for
MMDF
b. Get client de-listed from the various black hole lists that they
may be entered on.
c. Contact your internet service provider and have relay for their
mail server turned back on for outbound email from clients mail
server.
      
Result:
a. This setup will give you an mmdf config that will block relay
before the message is copied to the server that is in the smtp session
itself.
b. The following setup assumes you are using a smart-host to send out
non local mail.  This can be easily changed by putting in the
Nameserver feature.

-------------------------------------------------------------------------------


*** Closing Open-Relay with Authhosts ***
	
1. Shut down deliver process so that additional spam email does not
cripple the system
   ( kill -9 process id of deliver)

2. Make a list of all ip addresses on the local area network of the
client

3. As root edit /etc/hosts to include a full resolution of each ip
address that you discovered.
   exa. 
   10.1.0.21	ardept1.testdomain.com	ardept1

   Note:  A fully qualified address must be used as the first alias
for the ip address in /etc/hosts.  	    That is it must be in the form
hostname.domainname

   10.1.0.21 	ardept1	ardept1.testdomain.com   # Will not work for
MMDF

4. Next as user mmdf edit /usr/mmdf/mmdftailor and add the following
entries.
   MTBL show="MMDF authorization", name=authhosts, file=authhosts,
flags=file
   Then on each outgoing mail channel.  Add auth=inblock,
outsrc=authhosts,indest=authhosts
   This says to use an authorization filter for all outgoing and
incoming mail.  And that this filter
   is defined in /usr/mmdf/table/authhosts

Example mmdftailor entries below on how to add this..
-------------------
MCHN show="Mailing list processor", name=list, que=list, tbl=list,
pgm=list, ap=same, mod=imm, host=tuffmc.com, auth=inblock,
outsrc=authhosts, indest=authhosts
MCHN show="SMTP  channel", name=smtp, que=smtp, tbl=smtpchn, pgm=smtp,
ap=822, mod=host, confstr="charset=7bit", auth=inblock,
outsrc=authhosts, indest=authhosts
MCHN show="Smart-host Routing for hosts", name=badhosts, que=badhosts,
tbl=smtpchn, pgm=smtp, ap=822, mod=host,
confstr="charset=7bit,hostname=testdomain.com",
host=smtp.internetprovider.com, auth=inblock, outsrc=authhosts,
indest=authhosts
MCHN show="Nameserver Delay channel", name=delay, que=delay,
tbl=smtpchn, pgm=delay, ap=same
-----------------------------

5. Now create /usr/mmdf/table/authhosts
   ( touch /usr/mmdf/table/authhosts )

   Edit this file. At the top put in local: followed by the fully
qualified hostnames that you entered
   into /etc/hosts  

   Note: ip addresses will not work in authhosts.  MMDF will not know
what to do with it and the pc
   will not be able to send out any mail.   

example /usr/mmdf/table/authhosts
--------------------
local:
michele.testdomain.com
tuff1.testdomain.com
tuff2.testdomain.com
tuff3.testdomain.com
tuff4.testdomain.com
tuff5.testdomain.com
tuff6.testdomain.com
tuff7.testdomain.com
tuff8.testdomain.com
tuff9.testdomain.com
tuff10.testdomain.com
tuff11.testdomain.com
tuff12.testdomain.com
--------------------

6. To re-build all hashed databases and update your configuration run.
   ( /usr/mmdf/table/dbmbuild )

7. Re launch deliver
   ( /usr/mmdf/bin/deliver -b -T30 )


*** Removing Client ip address from Black Hole Lists ***

1. To check what if any black hole lists the client mail server may be
on goto  www.dnsstuff.com and enter the hostname or ip adress into
their spam database lookup. This will show a listing of about 70 or so
major black hole lists which may have the mail server listed. "Note:
for some reason the tables on this site only work with Internet
Explorer"

2. Contact each black hole list that you are listed on for how to
de-list.  Usually they have this information on their web page.


BofcusmNum1662? :

Add/Edit Comments or Links (no login required) (Refresh page to see your comments)

Authenticated users post here (login required)


Printer Friendly Version

Have you tried Searching this site?

Please read this disclaimer

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.