Why is sendmail accepting unresolvable domains? [accept_unresolvable_domains v. require_rdns]
in [Sendmail]
|
Prev: Why is sendmail accepting unresolvable domains?
Next: Why is sendmail accepting unresolvable domains? [accept_unresolvable_domainsv. require_rdns]
From: Andrzej Adam Filip on 2 Feb 2010 16:37 Mike <test(a)test.org> wrote: > I've noticed a lot of spam with unresolvable domains lately. > > Received: from parse-2a98e1d46 ([81.90.152.240]) > by mydomain.com (8.13.8/8.13.8) with SMTP id o12JU8bO032012 > for <validuser(a)mydomain.com>; Tue, 2 Feb 2010 12:30:15 -0700 > > But 81.90.152.240 does not reverse e.g., it has no PTR record. > > The sendmail.mc file on this MX server has the line: > > dnl FEATURE(`accept_unresolvable_domains')dnl > > I'm at a loss as to why sendmail isn't rejecting this. FEATURE(accept_unresolvable_domains) is about "envelope sender". [ Email address in "MAIL FROM:" command in SMTP session ] FEATURE(require_rdns) allows to reject for missing revDNS of the sending host. -- [pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com Open-Sendmail: http://open-sendmail.sourceforge.net/ With/Without - and who'll deny it's what the fighting's all about? -- Pink Floyd
From: Andrzej Adam Filip on 3 Feb 2010 02:59
Mike <test(a)test.org> wrote: > Andrzej Adam Filip wrote: >> Mike <test(a)test.org> wrote: >>> I've noticed a lot of spam with unresolvable domains lately. >>> >>> Received: from parse-2a98e1d46 ([81.90.152.240]) >>> by mydomain.com (8.13.8/8.13.8) with SMTP id o12JU8bO032012 >>> for <validuser(a)mydomain.com>; Tue, 2 Feb 2010 12:30:15 -0700 >>> >>> But 81.90.152.240 does not reverse e.g., it has no PTR record. >>> >>> The sendmail.mc file on this MX server has the line: >>> >>> dnl FEATURE(`accept_unresolvable_domains')dnl >>> >>> I'm at a loss as to why sendmail isn't rejecting this. >> >> FEATURE(accept_unresolvable_domains) is about "envelope sender". >> [ Email address in "MAIL FROM:" command in SMTP session ] >> >> FEATURE(require_rdns) allows to reject for missing revDNS of the sending host. >> > Thank you! > > I see I need sendmail 8.14 or later for that feature. > This is a CentOS 5 box so I think I'll wait 'til they (RedHat) starts > including sendmail 8.14. Or I guess alternatively I could use the > hack I've seen floating around. ? You may use FEATURE(`anfi/require_rdns') in older sendmail versions. It is provided at http://open-sendmail.sourceforge.net/ It requires only adding one file in m4/feature directory and recompiling sendmail.mc into sendmail.cf. I have posted instruction how anfi/require_rdns can be used e.g. to check revDNS for all countries except a few "near by countries" - IMHO it is a good idea in most cases allowing to avoid most of "too picky" risks. -- [pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com Open-Sendmail: http://open-sendmail.sourceforge.net/ The best you get is an even break. -- Franklin Adams |