Howto Configure MMDF for inbound and outbound relay control authhosts
Matt Lewis
August 30, 2002
Premise:
Probably this action is being taken for one of two reasons.
a. Client is being sent unsolicited email to the point of server
failure or extreme slowness
b. Client has had their domain-name / ip address blacklisted by one or
many of the various real time black hole DNS list servers.
Solution:
a. Close the clients open relay by applying an auth-hosts list for
MMDF
b. Get client de-listed from the various black hole lists that they
may be entered on.
c. Contact your internet service provider and have relay for their
mail server turned back on for outbound email from clients mail
server.
Result:
a. This setup will give you an mmdf config that will block relay
before the message is copied to the server that is in the smtp session
itself.
b. The following setup assumes you are using a smart-host to send out
non local mail. This can be easily changed by putting in the
Nameserver feature.
-------------------------------------------------------------------------------
*** Closing Open-Relay with Authhosts ***
1. Shut down deliver process so that additional spam email does not
cripple the system
( kill -9 process id of deliver)
2. Make a list of all ip addresses on the local area network of the
client
3. As root edit /etc/hosts to include a full resolution of each ip
address that you discovered.
exa.
10.1.0.21 ardept1.testdomain.com ardept1
Note: A fully qualified address must be used as the first alias
for the ip address in /etc/hosts. That is it must be in the form
hostname.domainname
10.1.0.21 ardept1 ardept1.testdomain.com # Will not work for
MMDF
4. Next as user mmdf edit /usr/mmdf/mmdftailor and add the following
entries.
MTBL show="MMDF authorization", name=authhosts, file=authhosts,
flags=file
Then on each outgoing mail channel. Add auth=inblock,
outsrc=authhosts,indest=authhosts
This says to use an authorization filter for all outgoing and
incoming mail. And that this filter
is defined in /usr/mmdf/table/authhosts
Example mmdftailor entries below on how to add this..
-------------------
MCHN show="Mailing list processor", name=list, que=list, tbl=list,
pgm=list, ap=same, mod=imm, host=tuffmc.com, auth=inblock,
outsrc=authhosts, indest=authhosts
MCHN show="SMTP channel", name=smtp, que=smtp, tbl=smtpchn, pgm=smtp,
ap=822, mod=host, confstr="charset=7bit", auth=inblock,
outsrc=authhosts, indest=authhosts
MCHN show="Smart-host Routing for hosts", name=badhosts, que=badhosts,
tbl=smtpchn, pgm=smtp, ap=822, mod=host,
confstr="charset=7bit,hostname=testdomain.com",
host=smtp.internetprovider.com, auth=inblock, outsrc=authhosts,
indest=authhosts
MCHN show="Nameserver Delay channel", name=delay, que=delay,
tbl=smtpchn, pgm=delay, ap=same
-----------------------------
5. Now create /usr/mmdf/table/authhosts
( touch /usr/mmdf/table/authhosts )
Edit this file. At the top put in local: followed by the fully
qualified hostnames that you entered
into /etc/hosts
Note: ip addresses will not work in authhosts. MMDF will not know
what to do with it and the pc
will not be able to send out any mail.
example /usr/mmdf/table/authhosts
--------------------
local:
michele.testdomain.com
tuff1.testdomain.com
tuff2.testdomain.com
tuff3.testdomain.com
tuff4.testdomain.com
tuff5.testdomain.com
tuff6.testdomain.com
tuff7.testdomain.com
tuff8.testdomain.com
tuff9.testdomain.com
tuff10.testdomain.com
tuff11.testdomain.com
tuff12.testdomain.com
--------------------
6. To re-build all hashed databases and update your configuration run.
( /usr/mmdf/table/dbmbuild )
7. Re launch deliver
( /usr/mmdf/bin/deliver -b -T30 )
*** Removing Client ip address from Black Hole Lists ***
1. To check what if any black hole lists the client mail server may be
on goto www.dnsstuff.com and enter the hostname or ip adress into
their spam database lookup. This will show a listing of about 70 or so
major black hole lists which may have the mail server listed. "Note:
for some reason the tables on this site only work with Internet
Explorer"
2. Contact each black hole list that you are listed on for how to
de-list. Usually they have this information on their web page.