Subject: Sendmail and spam question
To: None <netbsd-help@netbsd.org>
From: John Klos <john@sixgirls.org>
List: netbsd-help
Date: 07/30/2003 04:41:14
Hello,

First, I wish to make it clear that I do not want to start a discussion
about whether or not I should be doing what I want to do. Whether or not
anyone believes that there are good reasons for servers to lie about who
they are is not something I care to discuss.

I'd like to ask for someone's help to configure Sendmail to perform some
very basic tests. The tests I'd like to do are very simple.

RFC 2821 says that we "SHOULD NOT" check HELO/EHLO names, but it also says
that sending servers "MUST" give a proper HELO/EHLO name or address
literal (RFC defined "SHOULD NOT" and "MUST"). So on my more aggressive
host, I'd like to do the following checks:

1) That the IP address of the connecting server is in the list of IPs
returned by DNS A and MX RR of the name given in HELO/EHLO.

2) That if HELO/EHLO gives an address literal, the address matches that of
the connecting server (Sendmail doesn't do this check!)

3) (optional) Simply reject email from mail servers which try to give an
address literal.

I've examined all of the spam I've received over the past few months, and
it seems that around 75% of all of the spam that does get past my current
filters (spamcop and orbd) would be blocked by #1, and that of all of the
servers which connect with address literals, half would be rejected by #2.
I have seen one false positive (the admin of the sending server was happy
to add a DNS entry for his SMTP server), and no instance of legitimate
email which came from a server which used an address literal.

Now, if someone could help me figure out how to have Sendmail check these,
I'd be very, very appreciative!

Thanks much,
John Klos
Sixgirls Computing Labs
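The three checks described in the post, written out as a standalone policy function (an added example, not code from the post or from Sendmail). DNS is abstracted behind a hypothetical `resolve(name, rrtype)` callable so the logic can be exercised offline against constructed records; in a real deployment that callable would wrap the system resolver or a milter's lookup.

```python
import ipaddress
from typing import Callable, List, Optional, Tuple

# Hypothetical resolver interface: resolve(name, rrtype) -> list of strings.
# For "A" it returns addresses; for "MX" it returns exchange host names.
Resolver = Callable[[str, str], List[str]]

def parse_address_literal(helo: str) -> Optional[ipaddress._BaseAddress]:
    """Return the IP inside a HELO address literal such as [192.0.2.10]
    or [IPv6:2001:db8::1]; None if the argument is not a well-formed literal."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        return ipaddress.ip_address(inner)
    except ValueError:
        return None

def helo_name_ips(name: str, resolve: Resolver) -> set:
    """Union of the A records of the HELO name and of each of its MX hosts."""
    addrs = set(resolve(name, "A"))
    for mx in resolve(name, "MX"):
        addrs.update(resolve(mx, "A"))
    return {ipaddress.ip_address(a) for a in addrs}

def check_helo(helo: str, client_ip: str, resolve: Resolver,
               reject_literals: bool = False) -> Tuple[bool, str]:
    """Return (accept, reason) for one HELO/EHLO argument from client_ip."""
    client = ipaddress.ip_address(client_ip)
    if helo.startswith("["):
        literal = parse_address_literal(helo)
        if literal is None:
            return False, "malformed address literal"
        if reject_literals:                       # check 3 (optional policy)
            return False, "address literals not accepted"
        if literal != client:                     # check 2
            return False, "address literal does not match client address"
        return True, "address literal matches client address"
    if client in helo_name_ips(helo, resolve):    # check 1
        return True, "client address found in A/MX records of HELO name"
    return False, "client address not in A/MX records of HELO name"

# Constructed sample DNS data for offline use (not real hosts).
SAMPLE_DNS = {("example.org", "MX"): ["mail.example.org"],
              ("mail.example.org", "A"): ["192.0.2.10"]}

def sample_resolver(name: str, rrtype: str) -> List[str]:
    return SAMPLE_DNS.get((name, rrtype), [])
```

Note that check 1 is one DNS round-trip per MX host, so a hostile or slow name server can stall the SMTP session; a production implementation wants a resolver timeout and a result cache.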