Subject: Re: Sendmail and anti-spam
To: Andrew Brown <twofsonet@graffiti.com>
From: John Nemeth <jnemeth@cue.bc.ca>
List: tech-userlevel
Date: 02/28/1999 20:13:14

On Feb 17,  9:37pm, Andrew Brown wrote:
}
} >} We should perhaps deny relaying and perhaps also accepting mail from
} >} hosts that have no valid mx or such.
} >
} >     Absolutely NOT, this is completely bogus.  MX records indicate
} >machines that are intended to receive mail, NOT ones that are
} >intended to send mail.
} 
} a generic bsd4.4 config file from sendmail 8.9.3 will not openly relay
} mail from anyone.  indeed, it will only accept mail that originates or
} terminates locally (modulo any local forwarding rules of course).
} 
} it will also not accept mail from an invalid sender address, ie, the
} domain portion after the @ must either have an mx record or an a
} record associated with it.
} 
} refusing to accept mail from hosts that cannot receive mail (because
} they have no mx or a records) is problematic at best.

     Personally, I agree with this.  People have no business sending
out mail with invalid return addresses.  This catches a lot of spam
without any false positives (I don't consider mail that violates the
RFCs to be false positives).

} i recommend a configuration where the mc file contains
} 
}    FEATURE(relay_based_on_MX)

     This is a very bad idea.  Since anybody can create an MX record
for their domain that points at your mail server, it would open you up
to uncontrolled relaying.

} since that will allow the least amount of reconfiguration for most
} people.  without that, all the domains for which your host is a
} secondary (or other) mx host for a zone will have to have all those
} zones listed in its /etc/mail/relay-domains file.  which is a pain.

     It's also the only way to prevent your server from being used for
uncontrolled relaying.

}-- End of excerpt from Andrew Brown
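
Added example, not part of the original message: a small Python model of the two relay policies debated above, reporting which recipient domains a host would relay for only because of FEATURE(relay_based_on_MX) and not because they are listed in /etc/mail/relay-domains. The host name, domains and MX records are constructed, and the matching logic is a simplified assumption about sendmail's behaviour, not its actual rulesets.

```python
# Constructed MX data (domain -> [(preference, exchanger)]); a live audit
# would fetch these from DNS. Inline here so the example runs offline.
MX = {
    "customer.example":  [(10, "mail.customer.example"), (20, "mx.ourhost.example")],
    "partner.example":   [(10, "mx.ourhost.example.")],
    "stranger.example":  [(10, "mx.ourhost.example")],   # zone we never agreed to serve
    "elsewhere.example": [(10, "mail.elsewhere.example")],
}
OUR_HOST = "mx.ourhost.example"                          # hypothetical local host name
RELAY_DOMAINS = {"customer.example", "partner.example"}  # contents of relay-domains


def _norm(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.lower().rstrip(".")


def relays_by_mx(domain, mx=MX, me=OUR_HOST):
    """relay_based_on_MX model: relay if any MX of the domain names this host."""
    return any(_norm(host) == _norm(me) for _, host in mx.get(_norm(domain), []))


def relays_by_list(domain, relay_domains=RELAY_DOMAINS):
    """relay-domains model: relay for a listed domain or any of its subdomains."""
    d = _norm(domain)
    return any(d == r or d.endswith("." + r) for r in map(_norm, relay_domains))


def audit(domains):
    """Split recipient domains by which policy, if any, would relay for them."""
    report = {"listed": [], "mx_only": [], "refused_by_both": []}
    for d in domains:
        if relays_by_list(d):
            report["listed"].append(d)
        elif relays_by_mx(d):
            # Relayed solely because the zone owner pointed an MX at us.
            report["mx_only"].append(d)
        else:
            report["refused_by_both"].append(d)
    return report


if __name__ == "__main__":
    for bucket, names in audit(sorted(MX)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Any domain reported under mx_only is one the host relays for without the administrator having agreed to it; it either belongs in relay-domains or should not be relayed at all.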