On Apr 1, 2015, at 3:03 PM, Kevin Miller <kevin.mil...@juneau.org> wrote:
> You can reject on RDNS (or lack thereof) in sendmail depending on the
> version. Search for "require_rdns".

Thanks, I'll look into it. Sadly I don't think I have time to manually whitelist misconfigured servers, since I suspect there are not a few of them... a lot of people fail to put rDNS entries on their mail servers (including my own $DAYJOB employer, who only fixed it once I complained).

> There may be other options than the firewall - if you have access to the mail
> server itself, you could maybe run an instance of iptables. I presume you're
> running it on Linux. Or maybe put the name servers in the /etc/host file
> with 127.0.0.x addresses? Not sure if that would work or not. If all else
> fails, bribe the DNS admin! :-)

I do run iptables, which I use for fail2ban... but then I'd need to look up all the IP ranges served by the evil DNS servers. I could put the name servers in /etc/hosts but that would only help if I configure sendmail to require rDNS.

Looks like there's no optimal solution on that one...

Thanks.

---
Amir