Subject: Re: Hi: telling sendmail to refuse notes from badly configured dns..
To: None <netbsd-help@netbsd.org>
From: Wolfgang Rupprecht <wolfgang+gnus20020426T172648@wsrcc.com>
List: netbsd-help
Date: 04/26/2002 17:34:48
sudog@sudog.com (sudog) writes:
> I've been doing some quick looking around but was unable to locate any 
> sendmail rules regarding blocking an incoming message based on misconfigured 
> DNS on the sender's side.

Put this at the end of your sendmail.mc file and crank out another
sendmail.cf.  I've been running with this for years and it really cuts
down on spam.  An overwhelming amount of it is from mis-administered
sites that also have DNS problems.

Scheck_eoh
R$*		$: $&{client_resolve}
RTEMP		$#error $@ 4.7.1 $: "450 Access temporarily denied. Cannot resolve PTR record for " $&{client_addr} " - Please fix your DNS server and resend"
RFORGED		$#error $@ 4.7.1 $: "450 Access denied. Your PTR record is in conflict with your A record for " $&{client_name} " - Please fix your DNS server and resend"
RFAIL		$#error $@ 4.7.1 $: "450 Access denied. IP name lookup failed " $&{client_name} " - Please fix your DNS server and resend"

(If you want you can change the last two errors to "550", but there is
a bug/misfeature in recent binds where if your DNS is a secondary for
a zone and the zone hasn't yet been loaded (such as in the first few
seconds after a reboot) then mail from that domain can bounce.)

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/
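
The rules in the message above branch on the value of ${client_resolve} (OK, TEMP, FORGED or FAIL). The sketch below is an added example, not part of the original post and not sendmail's own code: it models how those four states arise from a PTR lookup followed by a forward-confirming A lookup, and which reply each state gets. The DNS tables, addresses and host names are constructed, and the function names are hypothetical.

```python
TEMPFAIL = object()   # sentinel: resolver could not answer (timeout, SERVFAIL)

# Constructed DNS data: documentation address ranges and made-up names.
PTR = {
    "192.0.2.10": "mail.good.example",
    "192.0.2.20": "mail.spoof.example",
    "192.0.2.40": TEMPFAIL,                   # reverse zone not answering
}
A = {
    "mail.good.example": ["192.0.2.10"],
    "mail.spoof.example": ["198.51.100.7"],   # does not point back
}

def client_resolve(addr, ptr=PTR, a=A):
    """Return (state, name); state is OK, TEMP, FAIL or FORGED."""
    name = ptr.get(addr)
    if name is TEMPFAIL:
        return "TEMP", None
    if name is None:                          # definite "no PTR record"
        return "FAIL", None
    # Forward-confirm: the PTR name must have an A record for addr.
    # This model treats a missing forward record as FORGED too.
    state = "OK" if addr in a.get(name, []) else "FORGED"
    return state, name

# Reply texts follow the ruleset in the message above.
REPLY = {
    "TEMP": "450 4.7.1 Access temporarily denied. "
            "Cannot resolve PTR record for {addr}",
    "FORGED": "450 4.7.1 Access denied. Your PTR record is in conflict "
              "with your A record for {name}",
    "FAIL": "450 4.7.1 Access denied. IP name lookup failed {name}",
}

def check_eoh(addr):
    """Return the SMTP reply for a rejected client, or None to accept."""
    state, name = client_resolve(addr)
    if state == "OK":
        return None
    # Assumption: with no PTR name, the client name is the bracketed address.
    shown = name or "[" + addr + "]"
    suffix = " - Please fix your DNS server and resend"
    return REPLY[state].format(addr=addr, name=shown) + suffix

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, "->", check_eoh(ip) or "accepted")
```

Because every rejection here is a 4xx reply, a sender whose DNS was only briefly unavailable retries later instead of bouncing, which is the trade-off the parenthetical in the message describes.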