At 09:38 PM 7.20.2003 +0100, Matthew Seaman wrote: >On Sun, Jul 20, 2003 at 01:37:15PM -0500, Kevin Kinsey, DaleCo, S.P. wrote: >> I'm not happy that Sendmail is >> allowing connections from non- >> existent hosts (i.e., spammers...) >> >> I run Sendmail more or less straight >> "out of the box" on -stable. I had >> been under the impression that the >> line >> >> ALL : PARANOID : RFC931 20 : deny >> >> in /etc/hosts.allow would help reject >> some of this stuff. However, as the >> amount of spam in my inbox is >> beginning to attest, this isn't the case. >> >> I've been googling and searching the >> archives with strings similar to the >> one in the title, and haven't yet grok >> what I'm supposed to do to get this >> to work... >> >> So, how do I tell Sendmail that if >> a host doesn't exist, (i.e. d3kr890d.129ddk.org) >> I don't want to talk to it... > >The way that sendmail(8) uses tcp wrappers is slightly different to >most daemons. Instead of outright refusing to connect (which would >lead to the other side trying again every half hour or so for the next >five days), it permits the remote side to connect and then issues a >permanent reject code during the SMTP dialogue. > >Even without enabling tcp wrappers functionality, sendmail should >still reject egregiously forged addresses. You have to add > > FEATURE(`accept_unresolvable_domains')dnl > >to your `hostname`.mc file to allow incoming mail from domains without >either A or MX records registered in the DNS. > > Cheers, > > Matthew
Matthew: Are you saying that the above 'FEATURE' should be used in addition to Dan Nelson's suggestion for the adding of these local_rules...? http://www.sendmail.org/~ca/email/chk-810.html#810UNRESOLVIP This is something I had been looking for & just yesterday made up a procmail recipe to grab the forgeries specifically. I'm getting quite a few of them here. Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
