Sender and receipient address verification by call ahead function.

smf-sav was originally written by Eugene Kurmanin, this version contains Gabriele Maria Plutzar's fixes (smf-sav-reloaded).

Original README from smf-sav-reloaded follows:

As the original Author Eugene Kurmanin has no interest in this widely used software any more, and didn't fix any bug, I, Gabriele Maria Plutzar release a "reloaded" version with heavy bugfixes. This version (smf-sav reloaded 2.0) should exactly do what you expect.

If you have bugfixes, or comments send them to [email protected]. Perhaps someone could test the IPV6 support, as I haven't done that yet.

It's a lightweight, fast and reliable Sendmail milter that implements a real-time Sender e-Mail Address Verification technology. This technology can stop some kinds of SPAM with a spoofed sender's e-Mail address. Also it implements a real-time Recipient e-Mail Address Verification technology. It can be useful if your machine is a backup MX for the recipient's domains or if your machine forwards all e-Mail messages as a relay host for your domains to another internal or external e-Mail servers. It's a lite alternative for the spamilter, milter-sender and milter-ahead milters.

Features:

- external editable configuration file;
- whitelist by an IP address (in CIDR notation);
- whitelist by a PTR (reverse DNS) record;
- whitelist by an envelope sender e-Mail address;
- whitelist by an envelope recipient e-Mail address;
- scalable and tunable fast in-memory cache engine;
- SMTP AUTH support;
- strictly RFC-2821 compliant MX callback engine;
- tolerance against non RFC-2821 compliant e-Mail servers;
- blocking of e-Mail messages with a spoofed sender's e-Mail address;
- recipient's e-Mail address verification with authoritative e-Mail stores;
- progressive slowdown of recipient's e-Mail address brute force attacks;
- Sendmail virtusertable and mailertable features full support.

Requirements: Linux/FreeBSD/Solaris, Sendmail v8.11 and higher compiled with the MILTER API support enabled, Sendmail Development Kit, POSIX threads library. Under FreeBSD the BIND v8 is required (pkg_add -r bind).

Edit the Makefile according to version of your Sendmail program and OS.

Under the root account: make make install

Inspect and edit the /etc/mail/smfs/smf-sav.conf file.

/usr/local/sbin/smf-sav or /usr/local/sbin/smf-sav -c /etc/mail/smfs/smf-sav.conf

Add this milter to start-up scripts before starting a Sendmail daemon. Look at the contributed samples of start-up scripts.

Add these lines to your Sendmail configuration file (usually sendmail.mc): define(confMILTER_MACROS_HELO', confMILTER_MACROS_HELO, {verify}')dnl INPUT_MAIL_FILTER(smf-sav', S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl

IMPORTANT: make sure that /var/run is not a group writable directory! If so, or chmod 755 /var/run, or if it's impossible switch to another directory.

IMPORTANT: make sure that libmilter is compiled with BROKEN_PTHREAD_SLEEP defined. If this symbol is not defined, libmilter will use sleep() in signal-handler thread, which may cause various program misbehaviors, including coredumps. To rebuild Sendmail with this symbol defined, add the following line to your Sendmail/devtools/Site/site.config.m4:

APPENDDEF(confENVDEF', -DBROKEN_PTHREAD_SLEEP')

If you are using the milter-greylist milter, please, bear in mind that it has an incorrect proposition about the Sendmail macroses configuration. This one can break the smf-sav milter functionality.

If you have the smf-zombie and smf-grey milters installed, the smf-sav milter should be inserted after the smf-zombie milter and before the smf-grey milter.

If you want to have a highly improved and fully supported fusion of the smf-zombie, smf-sav and smf-grey milters consider to acquire the milter-spamblocker milter.

Rebuild of your Sendmail configuration file and restart a Sendmail daemon.

Under Linux add this line to your syslog.conf file and restart a Syslog daemon: xxx.info -/var/log/sav.log

Under FreeBSD run this command: touch /var/log/sav.log Then, add these lines to your syslog.conf file and restart a Syslog daemon: !smf-sav xxx.info -/var/log/sav.log

Where xxx is a corresponded syslog facility from your smf-sav configuration file.

If you want to exclude from logging the successfully verificated e-Mail addresses, and cached records set the syslog priority to 'notice' instead 'info'. They are just will be filtered out by a Syslog daemon.

Notes: The successfully authenticated senders will bypass all verification checks. Wildcard MX records with [square brackets] and standard MX records are fully supported for the Sendmail mailertable feature.

It's very useful to add at your Sendmail configuration file these lines:

define(confPRIVACY_FLAGS', goaway,noetrn,nobodyreturn,noreceipts')dnl define(confTO_COMMAND', 1m')dnl define(confTO_IDENT', 0s')dnl define(confMAX_DAEMON_CHILDREN', 256')dnl enlarge if it's required define(confCONNECTION_RATE_THROTTLE', 8')dnl enlarge if it's required define(confBAD_RCPT_THROTTLE', 1')dnl Sendmail v8.12+ FEATURE(greet_pause', 5000')dnl Sendmail v8.13+

Jim Holland (Zimbabwe) Nikolaj Wicker (Germany)

(maj) SAV policy switcher (reject/tag/quarantine) (v1.5.0); (maj) e-Mail messages Subject and header tagging (v1.5.0); (min) anti zombie hosts tricks and features (v1.6.0); (min) legitimate e-Mail messages friendly Greylisting technique (v1.7.0); (min) whitelists auto reloading (v1.8.0); (min) cache data dumping (v1.9.0); (min) cache data replication between multiple MX servers (v2.0.0); (?) something else? just let me know.

(min) - minor priority; (med) - medium priority; (maj) - major priority.

If you like this program, consider to purchase any of my commercial milters from http://spamfree.ru/ Thank you!

Any suggestions, support requests and bugs please send to [email protected]

Subscribe to SMFS announcements mailing list here: https://lists.sourceforge.net/lists/listinfo/smfs-list

Subscribe to SMFS users mailing list here: https://lists.sourceforge.net/lists/listinfo/smfs-users

SMFS development blog (opened for all): http://smfs.wordpress.com/

http://smfs.sourceforge.net/ http://sourceforge.net/projects/smfs/ http://kurmanin.info/