Sendmail reject non-extant hosts? RFC1123

Jack L. Stone jackstone at sage-one.net
Sun Jul 20 15:37:37 PDT 2003


At 09:38 PM 7.20.2003 +0100, Matthew Seaman wrote:
>On Sun, Jul 20, 2003 at 01:37:15PM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
>> I'm not happy that Sendmail is
>> allowing connections from non-
>> existent hosts (i.e., spammers...)
>> 
>> I run Sendmail more or less straight
>> "out of the box" on -stable.  I had
>> been under the impression that the
>> line
>> 
>> ALL : PARANOID : RFC931 20 : deny
>> 
>> in /etc/hosts.allow would help reject
>> some of this stuff.  However, as the
>> amount of spam in my inbox is
>> beginning to attest, this isn't the case.
>> 
>> I've been googling and searching the 
>> archives with strings similar to the
>> one in the title, and haven't yet grokked
>> what I'm supposed to do to get this
>> to work...
>> 
>> So, how do I tell Sendmail that if
>> a host doesn't exist, (i.e. d3kr890d.129ddk.org)
>> I don't want to talk to it...
>
>The way that sendmail(8) uses tcp wrappers is slightly different to
>most daemons.  Instead of outright refusing to connect (which would
>lead to the other side trying again every half hour or so for the next
>five days), it permits the remote side to connect and then issues a
>permanent reject code during the SMTP dialogue.
>
>Even without enabling tcp wrappers functionality, sendmail should
>still reject egregiously forged addresses.  You have to add
>
>    FEATURE(`accept_unresolvable_domains')dnl
>
>to your `hostname`.mc file to allow incoming mail from domains without
>either A or MX records registered in the DNS.
>
>	Cheers,
>
>	Matthew

Matthew: Are you saying that the above 'FEATURE' should be used in addition
to Dan Nelson's suggestion for the adding of these local_rules...?
http://www.sendmail.org/~ca/email/chk-810.html#810UNRESOLVIP

This is something I had been looking for & just yesterday made up a
procmail recipe to grab the forgeries specifically. I'm getting quite a few
of them here.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone at sage-one.net
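
Added example, not part of the thread: a shell check of whether a sendmail .mc file has the `accept_unresolvable_domains` feature quoted above active, in which case mail from sender domains without A or MX records is accepted. The function names and the sample .mc contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample .mc content is constructed.

# mc_active_features FILE
# Print the name of every FEATURE() that m4 would expand, skipping lines
# disabled with a leading "dnl" or turned into m4 comments with "#".
mc_active_features() {
    sed -e '/^[[:space:]]*dnl/d' -e '/^[[:space:]]*#/d' "$1" |
        sed -n 's/.*FEATURE(`\{0,1\}\([A-Za-z0-9_]*\).*/\1/p'
}

# rejects_unresolvable FILE
# Exit 0 when the default rejection is in force (feature absent),
# exit 1 when accept_unresolvable_domains is active.
rejects_unresolvable() {
    if mc_active_features "$1" | grep -qx 'accept_unresolvable_domains'; then
        return 1
    fi
    return 0
}

# write_samples DIR
# Constructed files: open.mc has the feature active, strict.mc has the
# same line disabled with a leading dnl.
write_samples() {
    cat > "$1/open.mc" <<'EOF'
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')
FEATURE(`accept_unresolvable_domains')dnl
EOF
    cat > "$1/strict.mc" <<'EOF'
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')
dnl FEATURE(`accept_unresolvable_domains')dnl
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/open.mc" "$tmp/strict.mc"; do
    if rejects_unresolvable "$f"; then
        echo "$f: unresolvable sender domains are rejected"
    else
        echo "$f: accept_unresolvable_domains is active"
    fi
done
rm -rf "$tmp"
```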

