From: Martin McCormick
To: freebsd-questions@freebsd.org
Date: Thu, 15 Apr 2004 11:31:16 -0500
Subject: Setting Sendmail to Refuse Possibly Forged Headers

The sendmail that comes with FreeBSD is set to disallow all third-party relaying, which is wonderful and how I want to keep things. In addition to that, I would like to try to set it to refuse incoming mail with forged address headers. Judging from the logs, it seems to be pretty good at catching such messages and most of the ones I look at that trigger this warning are spam.

I get over 100 spam messages a day and bogofilter and junkfilter catch about 80 to 90% of them, but it would be nice if they didn't even successfully deliver. Successful delivery may itself trigger more spam.

After reading the man pages on sendmail.cf, I am not sure if I can safely do that or not. Much of the information is actually how to allow certain types of relaying. Fortunately, I don't need to loosen anything.

Refusing mail from bogus addresses is slightly risky because innocent mail senders may get bitten if something is wrong with their local domain name server causing the reverse lookup to fail. I will just have to try it set that way for a while and see if anyone has trouble who shouldn't.

Thanks for any suggestions or for any documentation that describes how to safely refuse forged Email without either turning on more relaying or creating any other insidious situation that might not be obvious.

Martin McCormick