Milters vs Sendmail access list vs DNSBLs

J

May 1, 2003, 2:53:16 PM

Can anyone tell me when these three items are usually called? I have a
large Sendmail access list full of spamming domains. I also make
numerous calls to DNSBLs. Finally I also make use of SpamAssassin via
MIMEDefang. Can anyone tell me what order these are used by default?
I'm including my sendmail.mc in case it will help. I believe I want
them to be checked in the order I mentioned them above: access list,
DNSBLs, Milters. I know delay_checks does something to this order but I
honestly can't remember what.

Thanks
J

PS==> For clarification, I only use DNSBLs that I can get an AXFR of.
I'm making all the Osirusoft queries individually for statistical
reasons. The trailing call to the ORSS is because I've seen a few IPs
not in one of the sub-domains but in the base domain for some odd
reason. And yes, this box is still running 8.12.6. I'm waiting for
permission to upgrade it.

include(`/usr/local/src/sendmail/sendmail-8.12.6/cf/m4/cf.m4')
define(`confDEF_USER_ID',``8:12'')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
dnl define(`confAUTO_REBUILD')
define(`confTO_CONNECT', `1m')
define(`confTRY_NULL_MX_LIST',true)
define(`confDONT_PROBE_INTERFACES',true)
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
define(`confLOG_LEVEL',`13')
define(`confMILTER_LOG_LEVEL',`8')
define(`confMIN_FREE_BLOCKS',`10240')
define(`confMAC_HEADERS_LENGTH',`64')
define(`QUEUE_DIR',`/var/mail/mqueue')
define(`confQueueDirectory',`/var/mail/mqueue')
define(`confDELAY_LA',`8')
define(`confQUEUE_LA',`10')
define(`confREFUSE_LA',`20')
define(`confMAX_DAEMON_CHILDREN',`60')
dnl Defined below to 3?
dnl define(`confCONNECTION_RATE_THROTTLE',`20')
define(`confPRIVACY_FLAGS',`authwarnings,goaway,noexpn,novrfy,needmailhelo,restrictmailq,restrictqrun')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupWritableAliasFile')
define(`HELP_FILE', `/etc/mail/helpfile')dnl
dnl define(`LUSER_RELAY',`local:unknown')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
FEATURE(redirect)
FEATURE(always_add_domain)
dnl Feature to use the local-host-names file
FEATURE(use_cw_file)dnl
dnl Feature to use trusted-users file
FEATURE(use_ct_file)dnl
FEATURE(local_procmail)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
define(`confSMTP_LOGIN_MSG',`$j server ready at $b. SPAM, UCE, and UBE will NOT be tolerated.')dnl
define(`confMAX_RCPTS_PER_MESSAGE',`200')dnl
define(`confBAD_RCPT_THROTTLE',`3')
define(`confNO_RCPT_ACTION',`add-to-undisclosed')
dnl define(`confMAX_HEADERS_LENGTH',`16384')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confMAX_MESSAGE_SIZE',`15728640')
dnl define(`confMAX_MESSAGE_SIZE',`10485760')

dnl ### Added to delay the IP checks to log the recipient of the spam
FEATURE(`delay_checks', `friend')
dnl FEATURE(`delay_checks', `hater')

dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')


FEATURE(dnsbl,`dialups.mail-abuse.org', `***REJECTED*** Direct-to-MX mail denied. Use the SMTP server of your provider - see http://mail-abuse.org/cgi-bin/lookup?$&{client_addr}')dnl
FEATURE(dnsbl,`relays.mail-abuse.org', `***REJECTED*** Open Spam Relay - Mail from known open relays is prohibited - see http://mail-abuse.org/cgi-bin/nph-rss?$&{client_addr}')dnl

dnl 20021018 changes relays.ORSS to 5 individual lists
FEATURE(dnsbl,`spamhaus.relays.osirusoft.com', `"***REJECTED*** ORSS - Spamhaus - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`proxy.relays.osirusoft.com', `"***REJECTED*** ORSS - Proxy - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`socks.relays.osirusoft.com', `"***REJECTED*** ORSS - SOCKS - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`spamsites.relays.osirusoft.com', `"***REJECTED*** ORSS - Spamsites - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`spews.relays.osirusoft.com', `"***REJECTED*** ORSS - SPEWS - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`inputs.relays.osirusoft.com', `"***REJECTED*** ORSS - Inputs - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`spamsources.relays.osirusoft.com', `"***REJECTED*** ORSS - Spamsources - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`dialups.relays.osirusoft.com', `"***REJECTED*** ORSS - Dialups - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl
FEATURE(dnsbl,`relays.osirusoft.com', `"***REJECTED*** ORSS - OsiruSoft - Spam is prohibited - http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr="$&{client_addr}')dnl

dnl Visi's RSL is temp offline due to HW failures. December 16, 2002
dnl FEATURE(dnsbl,`relays.visi.com', `"***REJECTED*** RSL - Spam is prohibited - see http://relays.visi.com/nph-l.cgi?"$&{client_addr}')dnl
dnl FEATURE(dnsbl,`blackholes.2mbit.com', `***REJECTED*** SBL - Spam is prohibited - see http://blackholes.2mbit.com/')dnl
FEATURE(dnsbl,`list.dsbl.org', `"***REJECTED*** DSBL LIST - Spam is prohibited - see http://www.dsbl.org/listing.php?ip="$&{client_addr}')dnl
dnl FEATURE(dnsbl,`flowgoaway.com', `***REJECTED*** Flowgo spam is prohibited')dnl
dnl FEATURE(dnsbl,`multihop.dsbl.org', `"***REJECTED*** DSBL MULTIHOP - Spam is prohibited - see http://www.dsbl.org/listing.php?ip="$&{client_addr}')dnl
dnl FEATURE(dnsbl,`blackholes.five-ten-sg.com', `***REJECTED*** five-ten-sg - Spam is prohibited - see http://www.five-ten-sg.com/blackhole.php')dnl

MAILER(smtp)
MAILER(procmail)

define(`MILTER', 1)
dnl MIMEDefang and SpamAssassin
INPUT_MAIL_FILTER(`mimedefang',
`S=unix:/var/mail/MIMEDefang/mimedefang.sock, F=T, T=S:60s;R:60s;E:5m')

dnl Good information here:
dnl http://www.sendmail.org/m4/tweakingoptions.html
dnl http://www.brettglass.com/spam/paper.html


LOCAL_CONFIG
#
# Regular expression to reject:
# * numeric-only localparts from aol.com and msn.com
# * localparts starting with a digit from juno.com
#
Kcheckaddress regex -a@MATCH ^([0-9]+<@(aol|msn)\.com|[0-9][^<]*<@juno\.com)\.?>
#
# Names that won't be allowed in a To: line (local-part and domains)
#
C{RejectToLocalparts} friend you
C{RejectToDomains} public.com

LOCAL_RULESETS
HTo: $>CheckTo

SCheckTo
R$={RejectToLocalparts}@$* $#error $: "553 Header error -- Bogus sender or domain"
R$*@$={RejectToDomains} $#error $: "553 Header error -- Bogus sender or domain"

HMessage-Id: $>CheckMessageId
# make sure message ID has two parts separated by an @
SCheckMessageId
R< $+ @ $+ > $@ OK
R$* $#error $: "553 Header error -- Invalid MessageID"

LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$* $: $>Parse0 $>3 $1
R$+ $: $(checkaddress $1 $)
R@MATCH $#error $: "553 Header error"

LOCAL_RULESETS
HSubject: $>Check_Subject
# crude check for Melissa virus
D{MPat}Important Message From
D{MMsg}This message may contain the Melissa virus.
D{MPat}Snowhite and the Seven Dwarfs - The REAL story!
D{MMsg} ***REJECTED*** This message is infected with the W95.Hybris.gen virus.

D{MPat}Fwd:Peace BeTweeN AmeriCa and IsLaM!
D{MMsg} ***REJECTED*** This message is infected with the W32.Vote.A@mm virus.

D{MPat}Fwd:This War Must Be Done!
D{MMsg} ***REJECTED*** This message is infected with the W32.Vote.B@mm virus.

D{MPat}Fwd:Peace BeTweeN AmeriCa and IsLaM!
D{MMsg} ***REJECTED*** This message is infected with the W32.Vote.gen@mm virus.


SCheck_Subject
R${MPat} $* $#error $: 553 ${MMsg}

Alton Yu

May 3, 2003, 2:04:45 PM

I think the dnsbls get called immediately on connection. The milters and
access_db work around the same time, but of course, your access_db will
eventually do the stoppage or decide the fate of the mail when the headers
are thrown into the smtp session.

You can see more if you set O LogLevel=15 in the sendmail.cf

Alton

"J" <use...@linuxnuts.net> wrote in message
news:w2esa.2098$3f7.1...@newssvr28.news.prodigy.com...

J

May 3, 2003, 9:53:16 PM

Alton Yu wrote:

> I think the dnsbls get called immediately on connection. The milters and
> access_db work around the same time, but of course, your access_db will
> eventually do the stoppage or decide the fate of the mail when the headers
> are thrown into the smtp session.
>
> You can see more if you set O LogLevel=15 in the sendmail.cf
>
> Alton
>
> "J" <use...@linuxnuts.net> wrote in message
> news:w2esa.2098$3f7.1...@newssvr28.news.prodigy.com...
>
>>Can anyone tell me when these three items are usually called? I have a
>>large Sendmail access list full of spamming domains. I also make
>>numerous calls to DNSBLs. Finally I also make use of SpamAssassin via
>>MIMEDefang. Can anyone tell me what order these are used by default?
>>I'm including my sendmail.mc in case it will help. I believe I want
>>them to be checked in the order I mentioned them above: access list,
>>DNSBLs, Milters. I know delay_checks does something to this order but I
>>honestly can't remember what.

Thanks for the reply. While still allowing for the access list to
override the DNSBL, I'd like the access list and DNSBL checks to be done
before the Milter is consulted, I think. See, if the access list can
override the DNSBL and Milter, then in my mind's eye the Milter would
have to be consulted for all mail. So if I have a REJECT entry of
thisdomain.com in my access list and that relay IP is also in a
blacklist I use, I still think the Milter is consulted. I'm not sure
but I think that's what's happening. Even though access list can override
everything, I think the DNSBLs and Milters are consulted prior to the
decision being ultimately made at the access list. Is that right? I
think I've managed to confuse myself.

J

Alton Yu

May 4, 2003, 12:54:41 PM

"J" <use...@linuxnuts.net> wrote in message
news:go_sa.8928$zv6.194...@newssvr12.news.prodigy.com...

Actually, the access does not override the DNSBL because the DNSBL is done
upon connection. I do however think that the access_db is done at around the
same time as the milter, but the access will override the milter (if you've
reject set).


Claus Aßmann

May 4, 2003, 1:11:16 PM

J wrote:
> Can anyone tell me when these three items are usually called? I have a

The source code...

> large Sendmail access list full of spamming domains. I also make
> numerous calls to DNSBLs. Finally I also make use of SpamAssassin via
> MIMEDefang. Can anyone tell me what order these are used by default?
> I'm including my sendmail.mc in case it will help. I believe I want
> them to be checked in the order I mentioned them above: access list,
> DNSBLs, Milters. I know delay_checks does something to this order but I
> honestly can't remember what.

See cf/README.

Simplified answer:

1. access
2. DNSBL
3. milter

Note that the access DB is used in several stages of the SMTP
dialogue (just as milter), hence the above answer is not complete...

If you have an actual problem that you are trying to solve,
maybe you should tell us about it.

--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
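
A simplified model of the access, DNSBL, milter order given in the answer above, added here as an example; it is not part of the original thread and not sendmail's own code. The access map entries, the `dnsbl.example` zone and all function names are constructed for illustration, and the model covers only the client-address check, not delay_checks or the later SMTP stages the answer mentions.

```python
import ipaddress

# Constructed sample data (not from the thread): access map entries keyed by
# the Connect: tag, and a made-up DNSBL zone with two listed addresses.
ACCESS = {
    "Connect:192.0.2.10": "OK",        # relay explicitly allowed
    "Connect:198.51.100": "REJECT",    # whole /24 refused
}
DNSBL_ZONE = "dnsbl.example"           # placeholder zone name
LISTED = {"10.2.0.192.dnsbl.example", "7.113.0.203.dnsbl.example"}


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def access_lookup(ip):
    """Most specific match first: full address, then shorter prefixes."""
    parts = ip.split(".")
    for n in range(4, 0, -1):
        hit = ACCESS.get("Connect:" + ".".join(parts[:n]))
        if hit:
            return hit
    return None


def decide(ip, milter=lambda ip: "accept", resolve=lambda name: name in LISTED):
    """Return (verdict, deciding stage, stages consulted) for one client IP."""
    trace = ["access"]
    hit = access_lookup(ip)
    if hit == "REJECT":
        return "reject", "access", trace      # nothing else is consulted
    if hit != "OK":                           # an OK entry skips the DNSBL
        trace.append("dnsbl")
        if resolve(dnsbl_name(ip)):
            return "reject", "dnsbl", trace   # milter never sees the mail
    trace.append("milter")
    return milter(ip), "milter", trace


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.7", "203.0.113.8"):
        print(addr, decide(addr))
```

The trace for 192.0.2.10 shows the point of putting the access map first: the address is in the constructed blacklist, but the `OK` entry means the DNSBL is never queried and the mail goes straight to the milter.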
