Setting Sendmail to Refuse Possibly Forged Headers

Martin McCormick martin at
Thu Apr 15 09:31:17 PDT 2004

	The sendmail that comes with FreeBSD is set to disallow all
third-party relaying which is wonderful and how I want to keep things.

	In addition to that, I would like to try to set it to refuse
incoming mail with forged address headers.  Judging from the logs, it
seems to be pretty good at catching such messages and most of the ones
I look at that trigger this warning are spam.

	I get over 100 spam messages a day and bogofilter and
junkfilter catch about 80 to 90% of them, but it would be nice if they
didn't even successfully deliver.  Successful delivery may, itself
trigger more spam.

	After reading the man pages on, I am not sure if I
can safely do that or not.  Much of the information is actually how to
allow certain types of relaying.  Fortunately, I don't need to loosen

	Refusing mail from bogus addresses is slightly risky because
innocent mail senders may get bitten if something is wrong with their
local domain name server causing the reverse lookup to fail.  I will
just have to try it set that way for a while and see if anyone has
trouble who shouldn't.

	Thanks for any suggestions or for any documentation that
describes how to safely refuse forged Email without either turning on
more relaying or creating any other insidious situation that might not
be obvious.

Martin McCormick

More information about the freebsd-questions mailing list