Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Sep 1997 16:01:19 -0500
From:      Jonathan Lemon <jlemon@americantv.com>
To:        Dave Babler <dbabler@Rigel.orionsys.com>
Cc:        Dan Busarow <dan@dpcsys.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Help with Sendmail/DNS
Message-ID:  <19970912160119.32472@right.PCS>
In-Reply-To: <Pine.BSI.3.95.970912115807.24547A-100000@Rigel.orionsys.com>; from Dave Babler on Sep 09, 1997 at 12:02:17PM -0700
References:  <19970911194023.47189@right.PCS> <Pine.BSI.3.95.970912115807.24547A-100000@Rigel.orionsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sep 09, 1997 at 12:02:17PM -0700, Dave Babler wrote:
> On Thu, 11 Sep 1997, Jonathan Lemon wrote:
> > On Sep 09, 1997 at 04:18:55PM -0700, Dave Babler wrote:
> > > It looks like I'm hosed then, host altair is just for testing. The REAL
> > > desired operation is:
> > > 
> > > 	mail to orionsys.com	    -> rigel -> bbs.orionsys.com
> > > 	mail to bbs.orionsys.com    -> rigel -> bbs.orionsys.com
> > > 	mail to rigel.orionsys.com  -> rigel
> > > 	mail to altair.orionsys.com -> rigel -> altair...
> > > 
> > 
> > What about trying ``O TryNullMXList'' (or ``Ow'' for older sendmails) in
> > the sendmail.cf file on rigel?
> > 
> This does seem to work, curing the looping MX problem... except that
> according to the Sendmail Reference, "The TryNullMXList (w) option is not
> safe as of V8.8.4." Also, there doesn't seem to be an m4 macro to invoke
> it, which tends to indicate to me it isn't 'approved' any more for some
> reason... does anyone know why?

>From the sendmail README:

        SECURITY: the TryNullMXList (w) option should not be safe -- if it
                is, it is possible to do a denial-of-service attack on
                MX hosts that rely on the use of the null MX list.

Also, you can configure it with M4:

	define(`confTRY_NULL_MX_LIST', `True')dnl

It's true that this approach has been 'deprecated' ever since it was
introduced in v8.4.


An alternative approach would be to define a separate mailer, which
has the ``0'' flag set in it's Flags list, which says to send direcly,
without doing a MX lookup:

        Add new F=0 (zero) mailer flag to turn off MX lookups.

Then pass off all mail destined to {bbs|altair} to this mailer.
--
Jonathan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970912160119.32472>