Jump to content
Sign in to follow this  
mcm77

[Resolved] SendMail configuration - SCBL + access.db

Recommended Posts

First off , THANK YOU all for the spamcop list. It works and has been a godsend. The issue I have here I beleive is a sendmail issue, but I have not gotten an answer and I am hoping one of you understands this better than I and will humor me with an answer.

We are a sendmail (8.12) house and have gone to using your dns blacklist i.e." FEATURE (`dnsbl','bl.spamcop.net',....". Until recently I have ignored my users who complain that certain folks can't send them email. But I am now having to deal with the whitelist issue.

For a simple whitelist I have made additions to /etc/mail/access and then build access.db. What I am finding is that addresses we have OK'd are still stopped. The basic issue I think is an order of precidence. My understanding is that anyone explicitly ok'd in the access.db should not be banned by subsequent blacklist checks. For us, this is not the case.

case 1:

Use the spamcop blacklist

in /etc/mail/access -- "user.ok[at]yahoo.com OK"

MAIL BLOCKED with the error message we give for the spamcop list

case 2:

use the spamcop blacklist

in /etc/mail/access -- "From:user.ok[at]yahoo.com OK"

{not sure which syntax is correct for /etc/mail/access in this version of sendmail }

MAIL BLOCKED

case 3:

use the spamcop blacklist

in /etc/mail/access -- "user.ok[at]yahoo.com ERROR:550 mail failed here"

MAIL BLOCKED-- with the message I use to identify the spamcop list mail- thus the order of precedence is that it got checked on the spamcop list before failing with our /etc/mail/access check.

case 4: {make sure access.db is really working}

dnl- the FEATURE enabling the spamcop list check

in /etc/mail/acces-- "user.ok.yahoo.com ERROR:550 mail fail here

MAIL BLOCKED this time by my explicitly failing it with the 550 error

-- therefor access.db is working, but it does not seem to take precidence over this dns blacklist checking.

so two questions

1) is there an error in my logic?

2) is there a work around for a simple whitelist?

Thanks in advance and THANKS AGAIN for the great list-

michael

Edited by mcm77

Share this post


Link to post
Share on other sites

...Sorry I don't know the answer to your question. However, I am moving this post from the "SpamCop Reporting Help" forum (it does not seem to have anything to do with the SpamCop parser) to the "SpamCop Blocklist Help" forum to join whilelisting some ip.

Share this post


Link to post
Share on other sites

...Sorry I don't know the answer to your question. However, I am moving this post from the "SpamCop Reporting Help" forum (it does not seem to have anything to do with the SpamCop parser) to the "SpamCop Blocklist Help" forum

I then changed the Title to something a bit more descriptive.

Share this post


Link to post
Share on other sites

In case you haven't found your answer, I had the same experience you had. You've got it half right with the access.db entries. Here's what I did at our site to make them override the dnsbl:

In sendmail.mc add the line

FEATURE(delay_checks)dnl

And then re-generate sendmail.cf

See Sendmail cf/README - Anti-spam Configuration Control for further details and a couple of side-effects that are easily dealt with.

Share this post


Link to post
Share on other sites

Nomorespam is correct- adding the FEATURE(delay_check)dnl did the trick.

For those looking for the entire solution, a synopis of whitelist using access / access.db is below:

1) in sendmail.mc > sendmail.cf, 2 lines are needed

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

{most standard configuations already have this working to enable access.db to be functional}

FEATURE(delay_checks)dnl

if you have had to add either line then you must rebuild sendmail.cf

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

2) add the users or servers or domains you want whitelisted to /etc/mail/access

for a simple user it is either

"FROM:user.ok[at]domain.com OK"

or

"user.ok[at]domain.com OK"

{syntax depends on version of sendmail- see the sendmail configuration README for your version}

then build the database file:

makemap hash /etc/mail/access.db < /etc/mail/access

3) restart sendmail and you should be good to go-

good luck and thanks to all have worked on the blacklists--

michael

Edited by mcm77

Share this post


Link to post
Share on other sites

Hi, michael,

...Thank you for letting us know your problem is resolved (and thanks nomorespam for the answer!). I will so mark this thread.

Share this post


Link to post
Share on other sites

am open to suggestions for a Subject Title to toss this into the FAQ ....

Share this post


Link to post
Share on other sites

section: SpamCop Blocking List Service

title: How do I build a local whitelist if I use sendmail?

michael

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×