From owner-freebsd-questions Fri Sep 12 14:02:07 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA08661 for questions-outgoing; Fri, 12 Sep 1997 14:02:07 -0700 (PDT)
Received: from sumatra.americantv.com (sumatra.americantv.com [207.170.17.37]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA08655 for ; Fri, 12 Sep 1997 14:02:04 -0700 (PDT)
Received: from right.PCS (right.PCS [148.105.10.31]) by sumatra.americantv.com (8.8.5/8.8.5) with ESMTP id QAA15131; Fri, 12 Sep 1997 16:01:51 -0500 (CDT)
Received: (from jlemon@localhost) by right.PCS (8.6.13/8.6.4) id QAA17940; Fri, 12 Sep 1997 16:01:20 -0500
Message-ID: <19970912160119.32472@right.PCS>
Date: Fri, 12 Sep 1997 16:01:19 -0500
From: Jonathan Lemon
To: Dave Babler
Cc: Dan Busarow , freebsd-questions@FreeBSD.ORG
Subject: Re: Help with Sendmail/DNS
References: <19970911194023.47189@right.PCS>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.61.1
In-Reply-To: ; from Dave Babler on Sep 09, 1997 at 12:02:17PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sep 09, 1997 at 12:02:17PM -0700, Dave Babler wrote:
> On Thu, 11 Sep 1997, Jonathan Lemon wrote:
> > On Sep 09, 1997 at 04:18:55PM -0700, Dave Babler wrote:
> > > It looks like I'm hosed then, host altair is just for testing. The REAL
> > > desired operation is:
> > >
> > > mail to orionsys.com -> rigel -> bbs.orionsys.com
> > > mail to bbs.orionsys.com -> rigel -> bbs.orionsys.com
> > > mail to rigel.orionsys.com -> rigel
> > > mail to altair.orionsys.com -> rigel -> altair...
> > >
> >
> > What about trying ``O TryNullMXList'' (or ``Ow'' for older sendmails) in
> > the sendmail.cf file on rigel?
> >
> This does seem to work, curing the looping MX problem... except that
> according to the Sendmail Reference, "The TryNullMXList (w) option is not
> safe as of V8.8.4." Also, there doesn't seem to be an m4 macro to invoke
> it, which tends to indicate to me it isn't 'approved' any more for some
> reason... does anyone know why?

From the sendmail README:

    SECURITY: the TryNullMXList (w) option should not be safe -- if it
    is, it is possible to do a denial-of-service attack on MX hosts
    that rely on the use of the null MX list.

Also, you can configure it with M4:

    define(`confTRY_NULL_MX_LIST', `True')dnl

It's true that this approach has been 'deprecated' ever since it was
introduced in v8.4. An alternative approach would be to define a separate
mailer, which has the ``0'' flag set in its Flags list, which says to
send directly, without doing a MX lookup:

    Add new F=0 (zero) mailer flag to turn off MX lookups.

Then pass off all mail destined to {bbs|altair} to this mailer.
--
Jonathan
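
[Added example, not part of the original message and not sendmail source code: a simplified Python model of how the next hop is chosen on rigel, showing why the MX list loops by default and how TryNullMXList (global) and an F=0 mailer (per mailer) each break the loop. The MX records and preference values are constructed for illustration.]

```python
# Simplified model of sendmail's next-hop choice; not sendmail source code.
# The MX records below are constructed; preference values are assumed.
MX = {
    "bbs.orionsys.com": [(10, "rigel.orionsys.com")],
    "altair.orionsys.com": [(10, "rigel.orionsys.com")],
}
ME = "rigel.orionsys.com"


class MXLoop(Exception):
    """Models the 'MX list for X points back to Y' configuration error."""


def next_hops(dest, me=ME, try_null_mx_list=False, mailer_flags=""):
    """Return the hosts to try, in order, for mail addressed to dest."""
    if "0" in mailer_flags:
        # F=0: this mailer does no MX lookup and connects to dest itself.
        return [dest]
    records = sorted(MX.get(dest, []))
    if not records:
        # No MX records at all: fall back to the host's address record.
        return [dest]
    mine = [pref for pref, host in records if host == me]
    if mine:
        # We are in the list: drop ourselves and every MX that is not
        # strictly more preferred than we are.
        records = [(p, h) for p, h in records if p < min(mine)]
        if not records:
            # Null MX list: we were the best MX for dest.
            if try_null_mx_list:
                return [dest]
            raise MXLoop(f"MX list for {dest} points back to {me}")
    return [host for _, host in records]


def describe(dest, **kw):
    """Render the delivery path, or the error, as one line of text."""
    try:
        return " -> ".join(next_hops(dest, **kw))
    except MXLoop as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    for dest in MX:
        print(dest)
        print("  default        :", describe(dest))
        print("  TryNullMXList  :", describe(dest, try_null_mx_list=True))
        print("  mailer with F=0:", describe(dest, mailer_flags="0"))
```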