Red Hat ENTERPRISE LINUX 3 Reference Manual page 183

Chapter 11. Email
Sendmail makes it relatively easy to block new spamming techniques being employed to send junk
email. It even blocks many of the more usual spamming methods by default.
For example, forwarding of SMTP messages, also called relaying, has been disabled by default since
Sendmail version 8.9. Before this change occurred, Sendmail directs the mail host (
messages from one party (
must be configured to permit any domain to relay mail through the server. To configure relay domains,
edit the
/etc/mail/relay-domains
However, many times users are bombarded with spam from other servers throughout the Internet. In
these instances, Sendmail's access control features available through the
can be used to prevent connections from unwanted hosts. The following example illustrates how this
file can be used to both block and specifically allow access to the Sendmail server:
badspammer.com
tux.badspammer.com
10.0
This example states that any email sent from
RFC-821 compliant error code, with a message sent back to the spammer. Email sent from the
tux.badspammer.com
10.0.*.* network can be relayed through the mail server.
Because
/etc/mail/access.db
the following command as root:
makemap hash /etc/mail/access
This example only represents only a small part of what Sendmail can do in terms of allowing or block-
ing access. Refer to the
Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering
program, such as SpamAssassin to identify and file spam for users. Refer to Section 11.4.2.6 Spam
Filters for more about using SpamAssassin.
11.3.1.6. Using Sendmail with LDAP
Using the Lightweight Directory Access Protocol (LDAP) is a very quick and powerful way to find
specific information about a particular user from a much larger group. For example, an LDAP server
can be used to look up a particular email address from a common corporate directory by the user's last
name. In this kind of implementation, LDAP is largely separate from Sendmail, with LDAP storing
the hierarchical user information and Sendmail only being given the result of LDAP queries in pre-
addressed email messages.
However, Sendmail supports a much greater integration with LDAP, where it uses LDAP to replace
separately maintained files, such as
work together to support a medium- to enterprise-level organization. In short, LDAP abstracts the mail
routing level from Sendmail and its separate configuration files to a powerful LDAP cluster that can
be leveraged by many different applications.
The current version of Sendmail contains support for LDAP. To extend the Sendmail server using
LDAP, first get an LDAP server, such as OpenLDAP, running and properly configured. Then edit the
/etc/mail/sendmail.mc
LDAPROUTE_DOMAIN('yourdomain.com')dnl
FEATURE('ldap_routing')dnl
) and sent them to a different party (
y.com
file and restart Sendmail.
ERROR:550 "Go away and do not spam us anymore"
OK
RELAY
sub-domain, is accepted. The last line shows that any email sent from the
is a database, use
/etc/mail/access
/usr/share/sendmail-cf/README
aliases
to include the following:
badspammer.com
to activate any changes. Do this using
makemap
for more information and examples.
and
virtusertables
x.org
). Now, however, Sendmail
z.net
/etc/mail/access
is blocked with a 550
, on different mail servers that
165
) to accept
file