Subject: Re: Sendmail question
To: Chuck Yerkes <>
From: Andrew Brown <>
List: current-users
Date: 03/03/2003 00:36:52
>> >Sorry for the wide distribution,
>> >
>> >Is there any way in sendmail to disallow incoming mail from a place
>> >whose IP address does not map to a FQDN?
>> off the top of my head, something like this might do what you want...
>> SLocal_check_rcpt
>> R<$*> <$*>		$#error $@ 5.7.1 $: "550 no dot..."
>For the record, there is zero requirement that reverse DNS
>be there.  So if you perm fail (5.7.1) because the DNS
>didn't look up, you're doubly wrong and breaking SMTP.
>1) temp fail it, DNS servers do get unreachable or crash.
>   Heck, if YOUR dns server eats it, you perm bounce all mail.  Sweet.

actually...if you hadn't trimmed out the rest of the ruleset i wrote,
you'd see that it only reaches that line if the dns lookup didn't fail
and also doesn't look like it was forged.  the "no dot" response will
only be ellicited if get a good dns response. 

>2) Don't do it. It's bad.  It's a bad idea.

i don't.  someone asked.  i think what i wrote will do what they ask.

>I have some rules that add a HEADER (in 8.12) if there is
>not reverse DNS.  I then filter with procmail on header:
>X-SNEW-NoRDNS: $someinfoAboutTheConnection
>into a folder.
>I get a bunch of spam into there.  I also get a LOT of mail.
>Some from some quite notable and aware Internet folks.
>Folks who don't control their ISP's DNS.

i have a pile of similar things.  as well as spamassassin.  there are
lots of tools.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."