Subject: Re: Sendmail and spam question
To: David Laight <david@l8s.co.uk>
From: John Klos <john@sixgirls.org>
List: netbsd-help
Date: 07/30/2003 14:14:53
Hi,
> > Actually, that's really easy:
> > O DaemonPortOptions=Family=inet, address=0.0.0.0, Name=MTA
> > O DaemonPortOptions=Family=inet6, address=::, Name=MTA6, Modifiers=O
> > #O ClientPortOptions=Address=0.0.0.0
>
> I think you will find that the above makes it put in the address of
> the system's main interface at the time sendmail is started.
Well, if one were to replace the 0.0.0.0 with the interface which is to be
used, the IP reported would be that, and connections would be from that
IP. I pasted this as an example of where one would set what you suggested
might be difficult to set.
> > If a server tells me that its address is 192.168.something, I certainly
> > do want to drop that server's email as spam.
>
> Probably true - but maybe not, it could be someone behind a NAT relay.
If a person wishes to run an SMTP server behind a NAT, then that person is
responsible for figuring out how to configure that SMTP server to comply
with the RFC. Too many people are too forgiving of improperly configured
mail servers - hence the spam problem. I'm not interested in receiving
email from misconfigured servers. Actually, I'm specifically interested in
rejecting email from them.
> > > Checking for the MX record (i.e. requiring that the outbound mail gateway
> > > is the same as the inward one) will surely lead to incorrect bounces.
> >
> > That's why I don't want to do that. I want to check A AND MX records; the
> > name which is given should be a working address in one of the two sets of
> > addresses.
>
> Do you mean you want to find an A record and an MX record, or an A record or
> an MX record? Hoping for the former is rather pointless.
I wish to create a set of IP addresses which include those from an MX
lookup AND those from an A lookup, and see if the connecting IP is
somewhere in that list.
Maybe I should have worded it this way:
1) That the IP address of the connecting server is in the list of IPs
returned by [DNS A and MX RR of the name given in HELO/EHLO]. (Not logical
AND, but inclusive AND)
> In any case the only MX record for host.subdomain@domain is likely to
> be for domain, and very likely to point somewhere entirely different.
Maybe, but I don't care. The check for MX is for setups where someone has
a mail server named "domain.com", but the only DNS record is the MX (i.e.,
an A lookup of domain.com comes up with the web server). If someone sets
up "domain.com" and has separate SMTP incoming and outgoing servers, then
a proper outgoing server setup would not have a name which does not match
DNS; I wouldn't mind dropping email if it came from an improper setup.
> Even if I sent my outward mail via my ISP's mail relay, you wouldn't get
> an MX match. I don't send it that way because their relay is often down
> (and in any case it gets blacklisted along with all the dialup addresses).
Of course not. But your ISP is not going to use your HELO name to report
itself, is it?
I'm not sure if I was clear enough: I wish to look up the HELO/EHLO name
in DNS and see if it corresponds with the IP of the connecting server.
This has nothing at all to do with any addresses in the envelope.
Anyone? Anyone out there with a Sendmail clue?
John Klos
Sixgirls Computing Labs
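
The check described in the message above (the connecting IP must appear in the union of the addresses from an A lookup and an MX lookup of the HELO/EHLO name), sketched as an added example that is not part of the original post and is not Sendmail configuration. The `resolve` callback, the function names and the zone data are assumptions constructed for illustration; the address-literal branch goes slightly beyond the case discussed in the thread.

```python
import ipaddress

# Constructed sample zone data using documentation address ranges.
SAMPLE_ZONE = {
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("example.com", "A"): ["198.51.100.80"],        # web server, not the MTA
    ("example.com", "MX"): ["mx1.example.com"],
    ("mx1.example.com", "A"): ["203.0.113.10"],
    ("mx1.example.com", "AAAA"): ["2001:db8::25"],
}

def sample_resolve(name, rtype):
    """Hypothetical offline resolver: returns a list of record values."""
    return SAMPLE_ZONE.get((name.lower().rstrip("."), rtype), [])

def helo_candidate_ips(helo, resolve):
    """Union of addresses from an A/AAAA lookup and an MX lookup of the HELO name."""
    hosts = [helo] + list(resolve(helo, "MX"))  # the name itself plus its MX targets
    ips = set()
    for host in hosts:
        for rtype in ("A", "AAAA"):
            for value in resolve(host, rtype):
                ips.add(ipaddress.ip_address(value))
    return ips

def helo_matches_client(helo, client_ip, resolve=sample_resolve):
    """True if the connecting IP is in the address set derived from the HELO name."""
    helo = helo.strip()
    if helo.startswith("[") and helo.endswith("]"):
        # Address literal such as [192.0.2.25]: compare directly, no DNS involved.
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            return ipaddress.ip_address(literal) == ipaddress.ip_address(client_ip)
        except ValueError:
            return False
    # Parsing both sides as address objects makes differently written
    # forms of the same IPv6 address compare equal.
    return ipaddress.ip_address(client_ip) in helo_candidate_ips(helo, resolve)
```
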