From: "Jack L. Stone"
To: Matthew Seaman, "Kevin Kinsey, DaleCo, S.P."
Cc: questions@freebsd.org
Date: Sun, 20 Jul 2003 17:37:31 -0500
Subject: Re: Sendmail reject non-extant hosts? RFC1123

At 09:38 PM 7.20.2003 +0100, Matthew Seaman wrote:
>On Sun, Jul 20, 2003 at 01:37:15PM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
>> I'm not happy that Sendmail is
>> allowing connections from
>> non-existent hosts (i.e., spammers...)
>>
>> I run Sendmail more or less straight
>> "out of the box" on -stable. I had
>> been under the impression that the
>> line
>>
>> ALL : PARANOID : RFC931 20 : deny
>>
>> in /etc/hosts.allow would help reject
>> some of this stuff. However, as the
>> amount of spam in my inbox is
>> beginning to attest, this isn't the case.
>>
>> I've been googling and searching the
>> archives with strings similar to the
>> one in the title, and haven't yet grokked
>> what I'm supposed to do to get this
>> to work...
>>
>> So, how do I tell Sendmail that if
>> a host doesn't exist, (i.e. d3kr890d.129ddk.org)
>> I don't want to talk to it...
>
>The way that sendmail(8) uses tcp wrappers is slightly different to
>most daemons. Instead of outright refusing to connect (which would
>lead to the other side trying again every half hour or so for the next
>five days), it permits the remote side to connect and then issues a
>permanent reject code during the SMTP dialogue.
>
>Even without enabling tcp wrappers functionality, sendmail should
>still reject egregiously forged addresses. You have to add
>
> FEATURE(`accept_unresolvable_domains')dnl
>
>to your `hostname`.mc file to allow incoming mail from domains without
>either A or MX records registered in the DNS.
>
> Cheers,
>
> Matthew

Matthew:
Are you saying that the above 'FEATURE' should be used in addition to Dan Nelson's suggestion for the adding of these local_rules...?
http://www.sendmail.org/~ca/email/chk-810.html#810UNRESOLVIP

This is something I had been looking for & just yesterday made up a procmail recipe to grab the forgeries specifically. I'm getting quite a few of them here.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
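
Added illustration, not part of the original message and not sendmail's own code: a simplified Python model of the sender-domain check described in the quoted reply, where a MAIL FROM domain with neither A nor MX records is refused during the SMTP dialogue unless `accept_unresolvable_domains` is set. The zone table, the function names and the reply classes are assumptions made for the example.

```python
# Simplified model of the MAIL FROM domain check described in the thread.
# Added example: not sendmail code. The reply classes for each outcome are
# assumptions of this model, not quoted from sendmail.

# Constructed stand-in for DNS so the example runs offline.
# A missing key means the name does not exist; "TEMPFAIL" means the
# lookup timed out.
ZONE = {
    "example.org": {"MX": ["mail.example.org"], "A": []},
    "example.net": {"MX": [], "A": ["192.0.2.10"]},
    "norecords.example": {"MX": [], "A": []},
    "slow.example": "TEMPFAIL",
}


def resolve(domain, zone=ZONE):
    """Classify a sender domain as 'ok', 'missing' or 'tempfail'."""
    entry = zone.get(domain.lower().rstrip("."))
    if entry == "TEMPFAIL":
        return "tempfail"
    if entry is None or not (entry["MX"] or entry["A"]):
        return "missing"
    return "ok"


def check_mail(mail_from, accept_unresolvable=False, zone=ZONE):
    """Return (reply_class, reason) for an envelope sender."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        return ("2xx", "null sender (bounce) is always accepted")
    _local, at, domain = addr.rpartition("@")
    if not at or not domain:
        raise ValueError("unqualified senders are outside this model")
    if accept_unresolvable:
        return ("2xx", "accept_unresolvable_domains: no DNS check")
    status = resolve(domain, zone)
    if status == "ok":
        return ("2xx", "sender domain has an MX or A record")
    if status == "tempfail":
        # Temporary code: a legitimate sender retries once DNS recovers.
        return ("4xx", "sender domain lookup failed temporarily")
    return ("5xx", "sender domain has neither MX nor A record")


if __name__ == "__main__":
    for sender in ("<a@example.org>", "<x@d3kr890d.129ddk.org>",
                   "<b@slow.example>", "<>"):
        print(sender, check_mail(sender))
```

The check is on the envelope sender's domain, not on the connecting host's name, so it complements the `PARANOID` tcp wrappers rule quoted in the thread.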