Sendmail/LogWatch reports (may be forged)
Paul Howarth
paul at city-fan.org
Thu Dec 8 08:54:38 UTC 2005
On Wed, 2005-12-07 at 19:29 -0500, Tom Rivers wrote:
> On Wed, 2005-12-07 at 10:33 -0800, Timothy Alberts wrote:
> > Thank you for the response Paul.
> >
> > I like the idea of blocking an IP range, as I'm already doing that for
> > several spammers. However, when I blocked on IP, they changed IP to
> > 200.206.123.10. I could try and block multiple IP ranges, but it's just
> > a moving target I think. I block one and they move to another. I don't
> > want to have to play that game.
> >
> > So if sendmail finds that it can't trust the name (DNS fails in some
> > manner), is there a way to configure sendmail to REJECT the mail as it
> > is coming in based on failed DNS, rather than block IP ranges?
> >
>
> Hi Timothy,
>
> If I understand you correctly, you are saying that you want to ensure
> that sendmail never accepts incoming mail from unresolvable domains. If
> that is the case, check out the following section of sendmail.mc:
>
> dnl FEATURE(`accept_unresolvable_domains')dnl
>
> If you have this feature disabled, sendmail should reject any mail
> coming from a domain that it can't resolve. Perhaps you simply need to
> ensure this feature is disabled.
This is (sensibly) enabled by default. What he wanted was something
different, the ability to refuse mail from IPs whose reverse DNS didn't
resolve properly (and have a matching forward DNS entry).
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list