From owner-freebsd-questions@FreeBSD.ORG Sun Jul 20 23:42:23 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 711C337B401 for ; Sun, 20 Jul 2003 23:42:23 -0700 (PDT) Received: from ei.bzerk.org (ei.xs4all.nl [213.84.67.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 919BE43F3F for ; Sun, 20 Jul 2003 23:42:21 -0700 (PDT) (envelope-from mail23@bzerk.org) Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1]) by ei.bzerk.org (8.12.9/8.12.9) with ESMTP id h6L6gn8P008861; Mon, 21 Jul 2003 08:42:49 +0200 (CEST) (envelope-from bulk@ei.bzerk.org) Received: (from bulk@localhost) by ei.bzerk.org (8.12.9/8.12.9/Submit) id h6L6gmj1008860; Mon, 21 Jul 2003 08:42:48 +0200 (CEST) Date: Mon, 21 Jul 2003 08:42:48 +0200 From: Ruben de Groot To: "Jack L. Stone" Message-ID: <20030721064248.GA8721@ei.bzerk.org> References: <00c801c34eed$f262e910$0441d5cc@nitanjared> <00c801c34eed$f262e910$0441d5cc@nitanjared> <3.0.5.32.20030720173731.012cff60@sage-one.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3.0.5.32.20030720173731.012cff60@sage-one.net> User-Agent: Mutt/1.4.1i cc: questions@freebsd.org Subject: Re: Sendmail reject non-extant hosts? RFC1123 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2003 06:42:23 -0000 On Sun, Jul 20, 2003 at 05:37:31PM -0500, Jack L. Stone typed: > At 09:38 PM 7.20.2003 +0100, Matthew Seaman wrote: > >On Sun, Jul 20, 2003 at 01:37:15PM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > >> I'm not happy that Sendmail is > >> allowing connections from non- > >> existent hosts (i.e., spammers...) > >> > >> I run Sendmail more or less straight > >> "out of the box" on -stable. I had > >> been under the impression that the > >> line > >> > >> ALL : PARANOID : RFC931 20 : deny > >> > >> in /etc/hosts.allow would help reject > >> some of this stuff. However, as the > >> amount of spam in my inbox is > >> beginning to attest, this isn't the case. > >> > >> I've been googling and searching the > >> archives with strings similar to the > >> one in the title, and haven't yet grok > >> what I'm supposed to do to get this > >> to work... > >> > >> So, how do I tell Sendmail that if > >> a host doesn't exist, (i.e. d3kr890d.129ddk.org) > >> I don't want to talk to it... > > > >The way that sendmail(8) uses tcp wrappers is slightly different to > >most daemons. Instead of outright refusing to connect (which would > >lead to the other side trying again every half hour or so for the next > >five days), it permits the remote side to connect and then issues a > >permanent reject code during the SMTP dialogue. > > > >Even without enabling tcp wrappers functionality, sendmail should > >still reject egregiously forged addresses. You have to add > > > > FEATURE(`accept_unresolvable_domains')dnl > > > >to your `hostname`.mc file to allow incoming mail from domains without > >either A or MX records registered in the DNS. > > > > Cheers, > > > > Matthew > > Matthew: Are you saying that the above 'FEATURE' should be used in addition > to Dan Nelson's suggestion for the adding of these local_rules...? > http://www.sendmail.org/~ca/email/chk-810.html#810UNRESOLVIP He is saying that the stock sendmail should allready have the behaviour you want. Only when you want to disable this behaviour (which you don't) you can add this FEATURE. Your link to sendmail.org is about an older version (8.10) of sendmail. What sendmail version are you using? > This is something I had been looking for & just yesterday made up a > procmail recipe to grab the forgeries specifically. I'm getting quite a few > of them here. > > Best regards, > Jack L. Stone, > Administrator > > SageOne Net > http://www.sage-one.net > jackstone@sage-one.net > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"