The qmail patches for anti-spamming are obsoleted now. Because it is very harmful to modify the excellent djb's code :).
For anti-spamming, you should use netqmail with antibadmail, with is much more configurable.
Again, qmail patches was obsoleted by MTA-independent generic SMTP wrapper antibadmail, which has the same feature as this qmail patches and more!
Enables;
Include badrcptto patch
Enables wild-card matching in badmailfrom filtering. Each line begins with period is regarded as wildcard.
(badrcptto-badhelo-3) mfcheck() recognize VERP seed format(***-@***-@[]).
(anti-badmail-12) $RELAYCLIENT and $RELIABLECLIENT also effective against bmfcheck(referring badmailfrom).
Setting ACCEPTDOMAINS to acceptable domains in tcpserver
rule file. Domains listed in this variable should be
accepted even if that domain is in
/var/qmail/control/badmailfrom list.
With this feature, you can reject all false @hotmail.com
while real hotmail messages from real hotmail servers. To
achieve this, put
=.hotmail.com:allow,ACCEPTDOMAINS="@hotmail.com"
in tcpserver's rule and put @hotmail.com in
badmailfrom file. Note that tcpserver for
qmail-smtpd should be invoked *WITHOUT* -H flag(-H means not
to lookup remote host name).
When you had old mail account on you previously used, you want to forward emails to current server. In such case, you ought to know "forwarded email are full of spam!!", because your current mail server should rely the forwarding servers. Against this problem, this qmail-patch reject forwarded mail from other forwarding servers all email except those listed in $ACCEPTDOMAINS if the environment variable ADONLY is set. If you want to limit forwarded emails from old server to *.jp and *.org, put
=old.server.previously.used:allow,ACCEPTDOMAINS=".jp/.org",ADONLY=""
in tcpserver's rule.
Reject all mail of localpart-only sender, except messages of bounce or messages from RELAYCLIENT.
Reject mail from host which said HELO as helo-host listed in /var/qmail/control/badhelo. Entries starting with period are treated as wildcard.
Some spammer's smtp hosts say helo with bogus IP address. Almost all the cases with bogus IP address HELO are SPAM. Reject them.
(anti-badmail-9) No dots in HELO host string assumed to be badhost.
(anti-badmail-17) Suffix `:unknown' in control/badhelo is available. `.foo.bar:unknown' in control/badhelo rejects HELO string *.foo.bar from unkown host.
In any case above, badhelo check is skipped when $RELAYCLIENT or $RELIABLECLIENT is set.
If the environment variable BADHOST set, reject the mail from that host with SMTP error 553. It is bad idea to refuse TCP connection from SPAM host, because they will try to connect to secondary MX and/or more. Set $BADHOST by tcpserver as follows;
=.evil.domain:allow,BADHOST=""
Requires tcpserver with tcpserver-paranoid patch.
It is true IP'addresse's DNS PTR record is not absolutely required. But almost all UBE sender disguise or omit PTR record.
If you want to reject mail from server whose PTR record is disguising, do
echo 1 > /var/qmail/control/paranoid
and replace tcpserver with tcpserver-paranoid patch. qmail-smtpd will reject mail from such host whose IP address has invalid PTR record.
In most case, spammer's sending computer is connected by unknown host(IP address without PTR record). So it is best way to reject from unknwon host. But in fact, many desirable good messages are come from unknown host, because some mail-server administrators can't imagine the importance of correct DNS settings.
For this problem, we should request PTR record to IP-address blocks for unfamiliar country. If you and your site's users all don't have need to communicate with AAA-country, and IP-address block of `XXX.YYY.*.*' is allocated to AAA-country, put
XXX.YYY.:allow,REQPTR=""
in tcpserver's rule file. All connections from XXX.YYY.*.* without PTR record will be rejected.
This patch requires qmail-1.03-mfcheck.3.patch(apply mfcheck patch first).
Assume you already have qmail-1.03 source. Installation of this anti-badmail version is the same as qmail-1.03.
# cat THIS_PATCH_FILE | patch
Compilation and installation are done by
# make setup check
If you have no /var/qmail installed yet, please consult INSTALL.* files in the source directory.
My domain's `badmailfrom, badrcptto, badhelo' database.
% cvs -d :pserver:anonymous@yatex.org:/qmail co spamdb
You can append smtp-badhost file in this directory to
tcpserver's smtp-rule file.
Typical management method of spamdb if you trust my db... :)
# cd /var/qmail/control # mkdir LOCAL # mv -f badmailfrom badrcptto badhelo LOCAL # cvs -d :pserver:anonymous@yatex.org:/qmail co spamdb # vi Makefile (and create Makefile as below)
all: cvs badmailfrom badrcptto badhelo badmailfrom: LOCAL/badmailfrom spamdb/badmailfrom cat LOCAL/badmailfrom spamdb/badmailfrom > $@ badrcptto: LOCAL/badrcptto spamdb/badrcptto cat LOCAL/badrcptto spamdb/badrcptto > $@ badhelo: LOCAL/badhelo spamdb/badhelo cat LOCAL/badhelo spamdb/badhelo > $@ cvs: @(cd spamdb; cvs -q up -Pd)
Finally, create a crontab entry like this;
*/30 * * * * (cd /var/qmail/control; make)
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA