From fpscha@servidor1.cursosvirtuales.com.ar Tue Jun  8 08:54:46 1999
Return-Path: <fpscha@servidor1.cursosvirtuales.com.ar>
Received: from servidor1.cursosvirtuales.com.ar (www.cursosvirtuales.com.ar [200.10.104.198])
	by hub.freebsd.org (Postfix) with ESMTP id 234D015012
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  8 Jun 1999 08:54:41 -0700 (PDT)
	(envelope-from fpscha@servidor1.cursosvirtuales.com.ar)
Received: (from fpscha@localhost)
	by servidor1.cursosvirtuales.com.ar (8.8.8/8.8.8) id MAA17606;
	Tue, 8 Jun 1999 12:57:18 -0300 (ART)
	(envelope-from fpscha)
Message-Id: <199906081557.MAA17606@servidor1.cursosvirtuales.com.ar>
Date: Tue, 8 Jun 1999 12:57:18 -0300 (ART)
From: fpscha@cvi.com.ar
Sender: fpscha@servidor1.cursosvirtuales.com.ar
Reply-To: fpscha@cvi.com.ar
To: FreeBSD-gnats-submit@freebsd.org
Subject: Mistake in anti spam rules for non-us domains.
X-Send-Pr-Version: 3.2

>Number:         12084
>Category:       conf
>Synopsis:       Mistake in anti spam rules for non-us domains.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun  8 09:00:01 PDT 1999
>Closed-Date:    Thu Jun 10 08:25:09 PDT 1999
>Last-Modified:  Thu Jun 10 08:25:49 PDT 1999
>Originator:     Fernando P. Schapachnik
>Release:        FreeBSD 2.2.8-RELEASE i386
>Organization:
>Environment:

I tested it only in 2.2.x as I don't have a 3.x available, but I think it's pertinent too.

The anti spam rules that come in /etc/mail/sendmail.cf.additions provide a
spamsites db to block known sources of spam.
The sendmail rules that implement that restriction are designed to block
every first-level subdomain of the blocked domain.

Example:
	If the database says:
example.com	REJECT
	the rule will block host1.example.com, smtp.example.com, etc.


>Description:

The problem arises when you want to block some non-US domain.

Example:

spammer.com.ar	REJECT

	But one of the rules just searches the db for "com.ar", which is not found. So the email keeps going through. If you add

com.ar		REJECT
	to the db, then every email from spammer.com.ar, goodguy.com.ar, etc. gets rejected.

>How-To-Repeat:

Add
cavallo.org.ar REJECT
to your spamsites db and connect to sendmail sending mail from user@cavallo.org.ar. The mail will pass.

>Fix:

Apply the following patch to /etc/mail/sendmail.cf.additions:

--- /etc/mail/sendmail.cf.additions	Mon Nov 30 02:15:29 1998
+++ sendmail.cf.additions	Tue Jun  8 12:45:14 1999
@@ -38,7 +38,11 @@
 #
 # host must NOT be in the "spamsites" database--BEGIN
 R$* $| $*		$: <$1 $| $2> $1
-R<$*> $+.$+.$+		<$1> $3.$4
+# Uncomment the following line if you what to block
+# host.domain.com having only domain.com in your db.
+# Be aware that this have the side effect of having to block
+# the hole com.ar in order to block domain.com.ar.
+#R<$*> $+.$+.$+		<$1> $3.$4
 R<$*> $+.$+		$: <$1> $(spamsites $2.$3 $)
 R<$*> $*.REJECT		$#error $: 521 blocked. contact postmaster@$m
 R<$*> $*		$: $1
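Review bot: Shipping `R<$*> $+.$+.$+` commented out makes exact match the default for the host check, because the lookup `$(spamsites $2.$3 $)` on the next line now sees the whole host name, so an existing `example.com REJECT` entry stops covering `host1.example.com`. Rather than disabling the strip rule, consider looking up the full name first and then stripping one leading label at a time with a lookup after each step, which would let `spammer.com.ar` match without putting `com.ar` in the db. In the new comment, "what" should be "want", "this have" should be "this has" and "hole" should be "whole".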
@@ -70,7 +74,11 @@
 # mail must come from a DNS resolvable host--END
 # mail must NOT come from a known source of spam--BEGIN
 R$+ @$+			$: <$1@$2> $2
-R<$*> $+.$+.$+		<$1> $3.$4
+# Uncomment the following line if you what to block
+# host.domain.com having only domain.com in your db.
+# Be aware that this have the side effect of having to block
+# the hole com.ar in order to block domain.com.ar.
+#R<$*> $+.$+.$+		<$1> $3.$4
 R<$*> $*		$: $(spamsites $2 $: OK $)
 R$+.REJECT		$#error $@ 5.7.1 $: 550 $1
 R<$*> $*		$: $1
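Review bot: The sender-address check carries a second copy of the commented-out `R<$*> $+.$+.$+` rule, and nothing in the comment above it says the two copies must be toggled together. If only one is uncommented, the host check and the sender-domain check match `spamsites` entries with different semantics, and the same db entry will reject in one place and pass in the other. State in the comment that both copies go together, or move the choice to a single place that both checks share.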


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Thu Jun 10 08:25:09 PDT 1999 
State-Changed-Why:  
Thanks, but we don't use sendmail.cf.additions any more. 
>Unformatted:
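The lookup behaviour discussed in this report, modelled as an added example (it is not code from the report or from FreeBSD). It compares the key the unpatched rules look up, the key looked up once the strip rule is commented out, and a hypothetical third strategy, not in the patch, that tries every parent domain from most specific to least. Function names and db contents are constructed from the report's own examples.

```python
# Constructed spamsites entries, taken from the examples in the report.
SPAMSITES = {"example.com": "REJECT", "spammer.com.ar": "REJECT"}


def _labels(host):
    # Assumption: keys are compared case-insensitively, without a trailing dot.
    return host.lower().rstrip(".").split(".")


def original_keys(host):
    """Unpatched rules: leading labels are stripped until two remain."""
    labels = _labels(host)
    return [".".join(labels[-2:])] if len(labels) >= 2 else []


def patched_keys(host):
    """Strip rule commented out: only the name as given is looked up."""
    labels = _labels(host)
    return [".".join(labels)] if len(labels) >= 2 else []


def suffix_keys(host):
    """Hypothetical alternative: the name, then each parent domain,
    stopping before the bare top-level label."""
    labels = _labels(host)
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


STRATEGIES = {
    "original": original_keys,
    "patched": patched_keys,
    "suffix": suffix_keys,
}


def rejected(host, mode, db=SPAMSITES):
    """True if any key tried by the chosen strategy is marked REJECT."""
    return any(db.get(key) == "REJECT" for key in STRATEGIES[mode](host))


if __name__ == "__main__":
    hosts = ["host1.example.com", "spammer.com.ar",
             "mail.spammer.com.ar", "goodguy.com.ar"]
    for host in hosts:
        row = "  ".join(f"{m}={rejected(host, m)}" for m in STRATEGIES)
        print(f"{host:22} {row}")
```

Per-label suffix matching still lets a broad entry such as com.ar reject every domain beneath it, so entries should be kept as specific as the sites being blocked.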
