Date: Wed, 17 Apr 2002 17:44:30 +1200
From: Jonathan Chen
To: Giorgos Keramidas, Sam, questions@FreeBSD.ORG
Subject: Re: rc.firewall rules help
Message-ID: <20020417174430.A63154@grimoire.chen.org.nz>
References: <3CBC6847.5D03116B@vortex.wa4phy.net> <20020417012021.GA28097@hades.hell.gr> <20020417144131.B62542@grimoire.chen.org.nz>
In-Reply-To: <20020417144131.B62542@grimoire.chen.org.nz>; from jonc@chen.org.nz on Wed, Apr 17, 2002 at 02:41:31PM +1200

On Wed, Apr 17, 2002 at 02:41:31PM +1200, Jonathan Chen wrote:
> On Wed, Apr 17, 2002 at 04:20:21AM +0300, Giorgos Keramidas wrote:
> > On 2002-04-16 14:07, Sam wrote:
> > > Can someone give me some hints how to stop connections from spambots by
> > > refusing smtp or tcp connections from hosts who won't resolve via
> > > reverse lookup, or even forward lookup?  Is the firewall script the
> > > appropriate place to put that, or would somewhere within sendmail be
> > > better?
> >
> > Sendmail by default does that already.  You need to explicitly disable
> > it, by using either one or both of:
> >
> >     FEATURE(`accept_unqualified_senders')dnl
> >     FEATURE(`accept_unresolvable_domains')dnl
>
> That's not true. Sendmail will accept connections from unresolvable
> domains (I've got the email to prove this). By default, it will not
> accept email with an unresolvable MAIL FROM: during the conversation.
> The last option listed above disables this check.
>
> To disable connections from unresolvable domains requires extending the
> Local_relay_check rule within the mc file. Exactly just what needs to
> be put in is a mystery to me - I don't grok the syntax.

On rereading my own post, I realise that what I should be talking about
should be "IP failing reverse-lookup", and that sendmail is indeed
correct in its usage of denying unresolvable domains. Sorry!
-- 
Jonathan Chen
----------------------------------------------------------------------
When all else fails, RTFM
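
The two checks this thread separates, the connecting IP's reverse lookup and the resolvability of the MAIL FROM domain, modelled as an added example (not code from the thread and not sendmail's implementation). The lookup tables are constructed data on reserved documentation addresses and domains; the forward-confirmation step, the function names and the reject policy are assumptions that go beyond what the posts describe.

```python
# Added example, not from the thread. The zone data below is constructed
# (RFC 5737 addresses, reserved example domains) so the code runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.30": "spoofed.example.net"}
ADDR = {"mail.example.org": {"192.0.2.10"}, "example.org": {"192.0.2.10"},
        "spoofed.example.net": {"198.51.100.7"}}
MX = {"example.org": ["mail.example.org"]}


def client_rdns(ip, ptr=PTR, addr=ADDR):
    """Check the connecting IP: 'no-ptr', 'forged' (PTR name does not map
    back to the IP) or 'ok' (forward-confirmed reverse DNS)."""
    name = ptr.get(ip)
    if name is None:
        return "no-ptr"
    return "ok" if ip in addr.get(name, set()) else "forged"


def sender_domain_resolves(mail_from, addr=ADDR, mx=MX):
    """Check the envelope sender: its domain needs an MX or address record."""
    local, sep, domain = mail_from.strip("<>").rpartition("@")
    if not sep or not domain:
        return False          # unqualified sender, no domain to resolve
    domain = domain.lower().rstrip(".")
    return domain in mx or domain in addr


def evaluate(ip, mail_from):
    """Return (verdict, reason); the two checks are independent."""
    rdns = client_rdns(ip)
    if rdns != "ok":
        return ("reject-connection", "client IP rDNS: " + rdns)
    if not sender_domain_resolves(mail_from):
        return ("reject-sender", "MAIL FROM domain does not resolve")
    return ("accept", "both checks passed")


if __name__ == "__main__":
    # Constructed sessions: (connecting IP, envelope sender).
    for ip, sender in [("192.0.2.10", "<sam@example.org>"),
                       ("192.0.2.99", "<sam@example.org>"),
                       ("192.0.2.30", "<sam@example.org>"),
                       ("192.0.2.10", "<x@nonexistent.invalid>")]:
        print(ip, sender, evaluate(ip, sender))
```

A session can pass one check and fail the other: a resolvable MAIL FROM says nothing about whether the connecting IP has a PTR record.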