From owner-freebsd-current Wed Jul 23 12:36:16 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA09375
          for current-outgoing; Wed, 23 Jul 1997 12:36:16 -0700 (PDT)
Received: from pandora.hh.kew.com (ahd@kendra.ne.mediaone.net [24.128.53.73])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA09365
          for ; Wed, 23 Jul 1997 12:36:11 -0700 (PDT)
Received: (from ahd@localhost)
          by pandora.hh.kew.com (8.8.5/8.8.5) id PAA20690
          for current@freebsd.org; Wed, 23 Jul 1997 15:36:08 -0400 (EDT)
Date: Wed, 23 Jul 1997 15:36:08 -0400 (EDT)
From: Drew Derbyshire
Message-Id: <199707231936.PAA20690@pandora.hh.kew.com>
To: current@freebsd.org
Subject: (over)zealous mail bouncing
Sender: owner-freebsd-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > well.. i have the same problem... we fix the from in the actual header,
> > but there isn't anything we can really do with sendmail unless we really
> > want to become "spammers"...

SPAMming is sending unsolicited junk mail; configuring your mail to have a
valid reply address which gets errors back to you in a reasonable fashion is
merely good system admin.

Lying like hell in order to be a good system admin is being a _creative_
system admin. :-)

> > also, he gets a dynamic ip address from
> > efn.. meaning that he has to change his hostname, and then restart
> > sendmail for it to become valid...

The sender address does not have to match any known IP address; for it to be
a valid address, there need only be a valid MX record. Consider, for example,
kew.com (my humble e-mail home) and sonata.uucp.kew.com (my NT UUCP only box);
each only have MX records, both are valid sender addresses.

If the remote doing the bouncing is checking IP addresses, he better stop -- I
can easily send legitimate mail for which the originating IP address will not
exist in DNS by the time he can check.

> Yes, but the envelope sender is wrong. Mail servers are perfectly
> justified in refusing mail with an envelope sender containing a non
> existent domain.

This is correct, but the safest method is to perform a transient rejection
(4xx series reply, not 5xx) to allow for true name server problems. This is
important, since for example about two weeks ago DNS "lost" freebsd.org, and
last Thursday the NIC trashed most of the root servers on the net. In the
first incident (running a hard bounce response), I lost at least one FreeBSD
digest, but in the second incident (having returned to using transient
bounces) mail was merely delayed.

For a truly bogus domain, you can either let the mail timeout or add it to
your banned domain list for faster flushing.

> > well... there is one problem... efn.org is over a 14.4k modem, to my
> > 28.8k modem, that happens to be dialed into efn's terminal server, but
> > goes over to a local university which we use for inet connectivity...
> > so connecting to that host would go over the above, then back from the
> > university to efn.org... plus, we run FreeBSD on our systems.. so it
> > is possible, but problematic... considering that he can also dial
> > directly into efn it would mean needing to have two completely different
> > configurations...
>
> Huh? What does this have to do with e-mail addresses? The connectivity
> is irrelevant. It also has nothing to do with dynamic addresses. Use
> "-f" flag to sendmail to force the proper envelope sender.

The standard mail user agents do not present this flag, and sendmail must be
told which users are to be trusted to use it. This makes it a poor choice for
a production system.

For a reasonably sized site, a better method is to explicitly define the
canonical host name of each unique dial-in host (use the confDOMAIN_NAME
macro) and provide valid MX records for each one. You could, in a pinch, use
a wild-carded sub-domain (*.dymanic.efn.org) to cut down on the number of
records, but according to the sendmail.org experts, wildcard records should
be avoided if possible.

You can also tell sendmail to masquerade the envelope as well; this does cut
down on the audit trail slightly and so I personally try to avoid it.

--
Drew Derbyshire                 Internet:  ahd@kew.com
Kendra Electronic Wonderworks   Telephone: 617-279-9812

"I remember being a sophomore; it was the best three years of my life."
                                        - "Animal House"
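
The bounce policy described in the message above, as an added example that is not part of the original post and is not sendmail code: it replays a sending host's queue runs against a receiver that answers an unresolvable envelope-sender domain with either a hard (5xx) or a transient (4xx) reply. The function names, the DNS answer labels, the banned list, the sample addresses and the specific codes 451/550/553 are assumptions chosen for illustration.

```python
# DNS answers for the sender domain, as the receiving server sees them.
MX, A_ONLY, NXDOMAIN, SERVFAIL = "mx", "a", "nxdomain", "servfail"

BANNED = {"bogus.example"}          # constructed banned-domain list


def mail_from_reply(sender, dns_answer, hard_bounce=False, banned=BANNED):
    """Return the SMTP reply code for MAIL FROM:<sender>, given one DNS answer."""
    if sender == "":
        return 250                  # null sender (bounce messages) has no domain
    domain = sender.rpartition("@")[2].rstrip(".").lower()
    if "@" not in sender or not domain:
        return 553                  # no domain part to validate
    if domain in banned:
        return 550                  # known-bogus domain: flush immediately
    if dns_answer in (MX, A_ONLY):
        return 250                  # an MX record alone is enough; an address
                                    # record is the standard SMTP fallback
    # The domain did not resolve. One lookup cannot distinguish a bogus
    # sender from a name server outage, so the default is a transient reply.
    return 550 if hard_bounce else 451


def simulate(sender, answers, hard_bounce=False, banned=BANNED):
    """Replay the sending host's queue runs.

    answers[i] is the DNS answer the receiver gets on attempt i + 1.
    Returns (outcome, attempts_used).
    """
    for attempt, answer in enumerate(answers, start=1):
        code = mail_from_reply(sender, answer, hard_bounce, banned)
        if code < 300:
            return "delivered", attempt
        if code >= 500:
            return "bounced", attempt
        # 4xx: the sending host keeps the message queued and retries later
    return "timed out", len(answers)    # sender's queue lifetime expired


# Constructed scenario: the sender's domain vanishes from DNS for two
# queue runs and then comes back.
OUTAGE = [NXDOMAIN, SERVFAIL, MX]

if __name__ == "__main__":
    print("hard bounce:", simulate("list@example.org", OUTAGE, hard_bounce=True))
    print("transient  :", simulate("list@example.org", OUTAGE))
    print("bogus      :", simulate("x@nosuch.example", [NXDOMAIN] * 5))
    print("banned     :", simulate("x@bogus.example", [NXDOMAIN] * 5))
```
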