Blocking email from an envelope "from" address with Sendmail


On a mail server running Sendmail, you can block email from a particular "from" address to any email address on the server by adding the address you wish to block to the /etc/mail/access file. E.g., if you wish to block email from the address spammer@example.com, you can include the following line in that file:

# Block envelope "from" address of spammers
spammer@example.com                     REJECT

Any line beginning with a # is treated as a comment, so the first line above isn't needed, but adding a comment line may help you recognize why the reject statement is in the file. After you have added the line, you need to regenerate the /etc/mail/access.db file, or create a new one if there isn't already one present, using the command shown below (you don't need to restart sendmail):

# makemap hash /etc/mail/access </etc/mail/access
#

This will only work if you have a FEATURE(`access_db')dnl line in /etc/mail/sendmail.mc. E.g., a line like the one below:

FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl

If you don't have such a line, you will need to add it. If the line begins with dnl, you will need to remove the dnl at the beginning of the line, since that "comments out" the line.

Note: the check of the "from" address applies to the "envelope from" address, which may differ from the "from" address a user sees when viewing the message in an inbox. When a sending email server transmits an email message to a receiving email server, it provides "envelope" information, which includes a "from" and a "to" email address. It does so by issuing commands to the receiving server, such as those below:

mail from: someone@example.com
rcpt to: someone_else@moonpoint.com

If the receiving email server accepts the "from" and "to" addresses, the sending server then issues a data command followed by lines containing the contents of the message, equivalent to a letter inside an envelope that you might send via the postal service. Within the data lines there will normally be "from", "to", and "subject" lines, but those "from" and "to" lines don't have to match the ones provided as the envelope addresses. The receiving email server can treat those just as the postal service would treat the contents of a letter in an envelope where someone might have "Dear John Doe" and "Sincerely, Jane Adams" lines, i.e., the postal service can be oblivious to those, since it only needs to pay attention to the envelope addresses. Usually, a user is unaware of the envelope addresses, though email programs may provide a way for a user to see the header details of a message, which will reveal the envelope addresses. Below is an example where the envelope address, spammer@example.com, differs from what the user sees as the "from" address, test@example.com.

From spammer@example.com Tue Apr 2 19:13:54 2024
Return-Path: <spammer@example.com>
Received: from monkey (d-192-168-185-91.mdde.cpe.somewhere.com
        [192.168.185.91])
        by moonpoint.com (8.14.7/8.14.7) with ESMTP id 432NCQNQ022318
        for AbeLincoln@moonpoint.com; Tue, 2 Apr 2024 19:13:09 -0400
Date: Tue, 2 Apr 2024 19:12:26 -0400
Message-Id: <202404022313.432NCQNQ022318@moonpoint.com>
From: test@example.com
To: AbeLincoln@moonpoint.com
Subject: You have won

You have won a million dollars!
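To decide which address an access entry has to name, you can compare a delivered message's Return-Path (the recorded envelope sender) with its From header. The script below is an added example, not part of the original page; the function names are hypothetical, and the lookup is a simplified model that checks only full-address and exact-domain keys.

```python
import email
from email.utils import parseaddr

def parse_access(text):
    """Parse access-file text into {key: action}; lines starting with # are comments."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def addresses(raw):
    """Return (envelope_from, header_from) for a delivered message."""
    msg = email.message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header = parseaddr(msg.get("From", ""))[1].lower()
    return envelope, header

def access_action(table, envelope_from):
    """Simplified lookup (assumption): full address first, then exact domain."""
    domain = envelope_from.rpartition("@")[2]
    return table.get(envelope_from) or table.get(domain) or "OK"

# Headers abridged from the sample message on this page.
SAMPLE = """\
From spammer@example.com Tue Apr 2 19:13:54 2024
Return-Path: <spammer@example.com>
From: test@example.com
To: AbeLincoln@moonpoint.com
Subject: You have won

You have won a million dollars!
"""

def verdicts(raw=SAMPLE):
    """Show what an entry for each address would do to this message."""
    envelope, header = addresses(raw)
    by_envelope = parse_access("# Block envelope sender\nspammer@example.com  REJECT\n")
    by_header = parse_access("test@example.com  REJECT\n")
    return {
        "envelope": envelope,
        "header": header,
        "entry_for_envelope": access_action(by_envelope, envelope),
        "entry_for_header": access_action(by_header, envelope),
    }

if __name__ == "__main__":
    print(verdicts())
```

An entry for the header address test@example.com leaves this message accepted, because the check is made against the envelope sender.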

When you have added the spammer's email address to the /etc/mail/access file and regenerated the .db file, the sending server will receive a response from the receiving server like the 550 line in the following exchange when it issues the mail from command:

250 2.0.0 432NTExD023645 Message accepted for delivery
mail from: spammer@example.com
550 5.7.1 spammer@example.com... Access denied

The 550 returned by the receiving server indicates to the sending server that the email has been rejected by the receiving server.