Setting Sendmail to Refuse Possibly Forged Headers

Dan Nelson dnelson at
Thu Apr 15 10:26:40 PDT 2004

In the last episode (Apr 15), Martin McCormick said:
> 	The sendmail that comes with FreeBSD is set to disallow all
> third-party relaying which is wonderful and how I want to keep
> things.
> 	In addition to that, I would like to try to set it to refuse
> incoming mail with forged address headers.  Judging from the logs, it
> seems to be pretty good at catching such messages and most of the
> ones I look at that trigger this warning are spam.

Take a look at the milter-sender port, which checks the sender's email
address and verifies that an smtp server is listening.  It's not
something that can be done within sendmail, which is why it's a milter.

Another thing to check is the HELO string.  The following will block
all incoming mails claiming to be the mailserver itself.  Replace
XXXXXX your with server's IP and domainnames, spearated by spaces (so
"C{RejectHelo}", for example).  I deny ~500 spams
a day with this rule alone.

#+\/+ Block connections from servers that try and send our IP or hostname in the HELO


R$*			$: $1 $| $&s	Put helo name in workspace
R$* $| $={RejectHelo}	$#error $@ 5.7.1 $: "550 Spammer access denied"
R$* $| $*		$: $1		Extract helo from workspace if it doesn't match

	Dan Nelson
	dnelson at

More information about the freebsd-questions mailing list