Date: Thu, 24 Jul 1997 00:24:46 -0700 From: Jonathan Mini <j_mini@efn.org> To: Drew Derbyshire <ahd@kew.com> Cc: current@FreeBSD.ORG Subject: Re: (over)zealous mail bouncing Message-ID: <19970724002446.59369@micron.efn.org> In-Reply-To: <199707231936.PAA20690@pandora.hh.kew.com>; from Drew Derbyshire on Wed, Jul 23, 1997 at 03:36:08PM -0400 References: <199707231936.PAA20690@pandora.hh.kew.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What I'm saying is that my hostname doesn't have a DNS entry in the "outside world" and therefore sending a message from my machine is automatically an invalid host. THe only real option I have is to spoof the information that sendmail sends out, ask my ISP for a addressless DNS entry (make a DNS entry that has no A entry) or change my hostname to something valid. Although pictures of naming myself cyberpromo.com for a week come to mind, I don't think "stealing" someone else's host name is a very valid solution. I would persue getting a DNS entry from my ISP, except that I have more than one ISP. (makes life harder, although still theoretially possible. All I need is one valid hostname I can pretend I am) I'd do that -- except that I am going to be moving into student housing in about a month or so, and will actually have a public IP address and DNS entry for my machine on that network, and (knowing my ISP's) it would probably take a month to get that DNS entry, it's kinda of pointless. I'm just a little annoyed at people who insist of having the sending machine call itself a valid hostname, just to cut down on spam. Drew Derbyshire stands accused of saying : > > > well.. i have the same problem... we fix the from in the actual header, > > > but there isn't anything we can really do with sendmail unless we really > > > want to become "spammers"... > > SPAMming is sending unsolicited junk mail; configuring your mail > to have a valid reply address which gets errors back to you in a > reasonable fashion is merely good system admin. Lying like hell > in order to be a good system admin is being a _creative_ system > admin. :-) > > > > also, he gets a dynamic ip address from > > > efn.. meaning that he has to change his hostname, and then restart > > > sendmail for it to become valid... > > The sender address does not have to match any known IP address; > for it to be a valid address, there need only be a valid MX record. > Consider, for example, kew.com (my humble e-mail home) and > sonata.uucp.kew.com (my NT UUCP only box); each only have MX records, > both are valid sender addresses. > > If the remote doing the bouncing is checking IP addresses, he better > stop -- I can easily send legitmate mail for which the originating > IP address will not exist in DNS by the time he can check. > > > Yes, but the envelope sender is wrong. Mail servers are perfectly > > justified in refusing mail with an envelope sender containing a non > > existant domain. > > This correct, but the safest method is to perform a transient > rejection (4xx series reply, not 5xx) to allow for true name server > problems. This is important, since for example about two weeks > ago DNS "lost" freebsd.org, and last Thursday the NIC trashed most > of the root servers on the net. In the first incident (running a > hard bounce response), I lost at least one FreeBSD digest, but in > the second incident (having returned to using transient bounces) > mail was merely delayed. > > For a truly bogus domain, you can either let the mail timeout or add > it to your banned domain list for faster flushing. > > > > well... there is one problem... efn.org is over a 14.4k modem, to my > > > 28.8k modem, that happens to be dialed into efn's terminal server, but > > > goes over to a local university which we use for inet connectivity... > > > so connecting to that host would go over the above, then back from the > > > university to efn.org... plus, we run FreeBSD on our systems.. so it > > > is possible, but problematic... considering that he can also dial > > > directly into efn it would mean needing to have two completely differnt > > > configurations... > > > > Huh? What does this have to do with e-mail addresses? The connectivity > > is irrelevant. It also has nothing to do with dynamic addresses. Use > > "-f" flag to sendmail to force the proper envelope sender. > > The standard mail user agents do not present this flag, and sendmail > must be told which users are to be trusted to use it. This makes > it a poor choice for a production system. > > For reasonably sized site, a better method is to explicitly define > the canonical host name of each unique dial-in host (use the > confDOMAIN_NAME macro) and provide valid MX records for each one. > You could, in a pinch, use a wild-carded sub-domain (*.dymanic.efn.org) > to cut down on the number of records, but according to the sendmail.org > experts, wildcard records should be avoided if possible. > > You can also tell sendmail to masquerade the envelope as well, this is > does cut down on the audit trail slightly and so I personally try to > avoid it. > -- > Drew Derbyshire Internet: ahd@kew.com > Kendra Electronic Wonderworks Telephone: 617-279-9812 > > "I remember being a sophomore; it was the best three years of my life." > - "Animal House" -- Jonathan Mini (j_mini@efn.org) ... bleakness ... desolation ... plastic forks ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970724002446.59369>