Blocking Sobig.F with Sendmail
The Planet Forums > Control Panels > Ensim > Ensim HOWTOs
art
1) Login as root and go to /etc/

cd /etc/

2) Make backup of current config

cp sendmail.cf sendmail.cf.back
cp /usr/lib/opcenter/sendmail/install/sendmail.mc /usr/lib/opcenter/sendmail/install/sendmail.mc.back

3) Go to /etc/mail

cd /etc/mail/

4) Download config for sendmail and rename it to xs4all-block-sobig.mc

wget http://www.webhits.de/tools/xs4all-block-sobig.mc.txt
mv xs4all-block-sobig.mc.txt xs4all-block-sobig.mc

5) Run

makemap hash /etc/mail/nosobigblock < /dev/null

read about this file in xs4all-block-sobig.mc in the comments

6) Add new configuration string into existing sendmail config

pico /usr/lib/opcenter/sendmail/install/sendmail.mc
and add string
include(`/etc/mail/xs4all-block-sobig.mc')
after Cwlocalhost.localdomain

exit with save

7) Run

m4 /usr/lib/opcenter/sendmail/install/sendmail.mc > /etc/sendmail.cf

8) Restart sendmail

service sendmail restart


That's all. Sendmail must restart and work. And after some time you will see in /var/log/maillog a string like this
....sendmail[32055]: h83Eq8132055: Sobig.F blocked. from=tom_cat_187@hotmail.com....


If something fails you can always restore your previous configuration from the files /etc/sendmail.cf.back and /usr/lib/opcenter/sendmail/install/sendmail.mc.back

But all these steps work fine for me...

Regards

---------- Answer to alexf152

This is strange - I can't add a post, so I'll try writing here.

Maybe you bound your sendmail to localhost after regenerating the config files? Try to search for the string

O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA

and remove the Addr option

O DaemonPortOptions=Port=smtp, Name=MTA

Then restart sendmail.
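The two places this thread reports trouble are step 6 (editing sendmail.mc by hand, where a second run of the HOWTO would add the include line twice) and the localhost binding raised in the answer above. The script below is an added example, not the HOWTO author's commands: it applies step 6 to whichever sendmail.mc path you pass, refuses to duplicate the include line, reports when the Cwlocalhost.localdomain anchor is absent, checks a generated sendmail.cf for the Addr=127.0.0.1 binding, and pulls sender addresses out of the "Sobig.F blocked" maillog lines. The function names (add_include, check_daemon_bind, blocked_senders) and the sample sendmail.mc, sendmail.cf and maillog contents in the dry run are constructed for this example; nothing touches /etc/mail or /usr/lib/opcenter unless you pass those paths yourself.

```shell
#!/bin/sh
# Added example for this thread (not the HOWTO author's own commands).
# Functions take file paths as arguments so they can be tried on copies
# or on the constructed samples in demo() before touching real config.
set -e

INCLUDE_LINE="include(\`/etc/mail/xs4all-block-sobig.mc')"
ANCHOR="Cwlocalhost.localdomain"

# add_include MC_FILE
#   Inserts INCLUDE_LINE directly after the first line starting with ANCHOR
#   (step 6 of the HOWTO). Returns 0 when inserted, 1 when the include is
#   already present (so running it twice is safe), 2 when the anchor line
#   is missing and the file should be inspected by hand.
add_include() {
  mc="$1"
  grep -qF 'xs4all-block-sobig.mc' "$mc" && return 1
  grep -qF "$ANCHOR" "$mc" || return 2
  cp "$mc" "$mc.back"    # same backup habit as step 2 of the HOWTO
  awk -v anchor="$ANCHOR" -v inc="$INCLUDE_LINE" '
    { print }
    !done && index($0, anchor) == 1 { print inc; done = 1 }
  ' "$mc" > "$mc.tmp"
  mv "$mc.tmp" "$mc"
}

# check_daemon_bind CF_FILE
#   Returns 1 if the SMTP listener in sendmail.cf is bound to 127.0.0.1
#   only (the cause suggested in the follow-up answer when mail cannot be
#   sent through the server after regenerating sendmail.cf), 0 otherwise.
check_daemon_bind() {
  if grep -E '^O DaemonPortOptions=.*Addr=127\.0\.0\.1' "$1" >/dev/null; then
    return 1
  fi
  return 0
}

# blocked_senders LOGFILE
#   Prints the from= address of every "Sobig.F blocked" line in a maillog,
#   one per line, so you can confirm the filter is firing after the restart.
blocked_senders() {
  grep 'Sobig.F blocked' "$1" | sed -n 's/.*from=\([^ ,]*\).*/\1/p'
}

# Dry run on constructed files; the sendmail.mc, sendmail.cf and maillog
# contents here are made up for this example.
demo() {
  d=$(mktemp -d)
  printf '%s\n' 'divert(-1)' 'dnl constructed sample' 'divert(0)dnl' \
    'Cwlocalhost.localdomain' 'MAILER(smtp)dnl' > "$d/sendmail.mc"
  add_include "$d/sendmail.mc" && echo "include line inserted:"
  grep -n 'xs4all' "$d/sendmail.mc"
  add_include "$d/sendmail.mc" || echo "second run: already present (rc=$?)"
  printf '%s\n' 'O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA' \
    > "$d/sendmail.cf"
  check_daemon_bind "$d/sendmail.cf" \
    || echo "warning: SMTP listener bound to 127.0.0.1 only"
  printf '%s\n' \
    'Sep  3 14:52:08 host sendmail[32055]: h83Eq8132055: Sobig.F blocked. from=one@example.com' \
    'Sep  3 14:53:11 host sendmail[32060]: h83Er5132060: Sobig.F blocked. from=two@example.net' \
    > "$d/maillog"
  echo "blocked senders:"
  blocked_senders "$d/maillog"
  rm -rf "$d"
}
demo
```

Run it as-is to see the dry run; to apply it for real, call add_include on /usr/lib/opcenter/sendmail/install/sendmail.mc, regenerate sendmail.cf with the m4 command from step 7, and then run check_daemon_bind on /etc/sendmail.cf before restarting.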
Doobla
Great HowTo!

In the interest of helping others I would just like to mention that a more effective way that I have found is a combination of MailScanner and APF.

I have MailScanner email me warnings about viruses that it finds and it includes the IP address of the computer that sent it. I then edit /etc/apf/deny_hosts.rules and add that IP address at the bottom and block the traffic outright.

Since those emails are likely from a computer you don't even know and your address was simply another harvested email address, it makes sense to just block the IP, which saves you from having to process the traffic, saving money and precious processor cycles.

Just my take on things.

Jon
amps
Much easier than both ways is to use procmail.

You don't want to ban IPs, they could very well be your clients.
jaume
QUOTE (Originally posted by amps)
Much easier than both ways is to use procmail.

You don't want to ban IPs, they could very well be your clients.

I agree ... the easiest way is using procmail recipes.

see this post:
http://forums.rackshack.net/showthread.php...&threadid=30858
alexf153
I tried this method.

I included the file from sendmail.mc. Regenerated sendmail.cf and then restarted sendmail.

But then I couldn't send any mail through the server. I reverted back to the old sendmail.cf and sendmail.mc

Anybody else have the same issue?