Solved

reject with no reverse dns

Posted on 2004-09-14
Last Modified: 2013-12-17
I'd like to configure my sendmail to reject messages from senders that have no reverse dns (ptr).  Is there an easy way to do this via editing the sendmail.cf file?
0
Question by:NoelKent
10 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12058728
Well, hopefully, you don't edit the sendmail.cf file directly. I'm saying this as a person who rolled his own sendmail.cfs for nearly 10 years - learn the m4 macro system and use sendmail.mc to generate your sendmail.cf files. I switched earlier this year, and I never want to go back.

You need to specify your sendmail version. Different sendmail versions have different capabilities.
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 43 total points
ID: 12058831
Offhand, I'd say that this is a Bad Idea (tm). You can do it - depending on the sendmail version, you may need to use a MILTER, such as SpamAssassin, to do this. The issue is that there are a lot of legitimate mailhosts out there with lazy admins who've never bothered to put PTR records in DNS for their mailhosts. So, if you use this as a sole basis to accept/reject a particular host, you're going to reject a not-insignificant amount of legitimate hosts (for example, AOL fails to have PTR records for their mail hosts).

If you're still serious about doing this, then your sendmail version is needed. The easiest way to implement is probably using SpamAssassin, so you'd need to be prepared for that and MIMEdefang.
0
 

Author Comment

by:NoelKent
ID: 12059588
Sendmail 8.12.8, I also am running SpamAssassin version 2.64 on RedHat 9
0
LVL 34

Expert Comment

by:PsiCop
ID: 12061243
Hmmm...that's a slightly-dated version. Do you have the security patches on it? Might be a good idea to upgrade to at least v8.12.10.

I'm fairly sure that SpamAssassin can reject based on the sending mailhost not having a PTR record. Personally, I wouldn't do that - give them a few points towards their SPAM score, yeah, but not outright reject.
0
 
LVL 5

Assisted Solution

by:cgrey
cgrey earned 41 total points
ID: 12066611
We tried implementing non-ptr bouncing two years ago and caught so much heat that we abandoned the idea. We handle ~350k messages/day on average (though we hit peaks of 1 million/day once in a while). I would guess that (even with the nice GENERATE feature in bind) 50% of the ISPs with less than 50,000 users don't have proper reverse DNS. If you are looking to block email from Brazilian DSL customers (just an example picked at random ;) investigate implementing either an outsourced solution of pre-processing spam filtering (like Postini) or possibly set up spam trap filtering.

Change your inbound MX records and don't ever use mail.domain.com for your inbound MX hostnames. Give your customers/users another hostname for their outbound smtp (e.g. smtp-out.domain.com) and for pop3/imap (e.g. pop3.domain.com). Then recreate mail.domain.com and list it in your dns. Now mail.domain.com should NEVER EVER get any incoming email. Set up a program to log inbound smtp connections. As soon as you receive an email on this box, drop the offending IP into your real mx servers access.db file with a REJECT 550. It sounds complicated, but it really isn't. If you are using some RBLs (you should NEVER rely solely upon one RBL - see PsiCop's comment on SpamAssassin) on your inbound MX then you will find that many spammers fall back to mail.domain.com if they can't send to your listed MX.

Here is a (relatively simple) solution.

Build a linux box (debian is a good choice for this).
Install libmilter, sendmail, spamassassin.
call this box mxf.domain.com
configure iptables to only allow SMTP coming IN from the outside
configure sendmail to forward all mail to your real internal mail server
configure spamassassin and zero all scores except MTA/MX/DNS PTR/RBL related ones.
Tweak your remaining scores to what you feel comfortable with. (set spamcop to 0.1 if you use it at all)
Configure the spamassassin milter to dump anything scoring over your threshold.
Test
Test again
Test once more. =)
update DNS to set mxf.domain.com as your lowest numbered (highest priority) MX.


HINT TO ANY DNS ADMINS OUT THERE

emacs /var/named/rev/db.c.b.a.reverse.zone.file

$GENERATE 0-255 $.c.b.a.in-addr.arpa. PTR dsl-$-c-b-a.in-addr.arpa.

PLEASE PLEASE PLEASE DO THIS for all your DHCP/DIALUP/DSL pools. :) If you are running windows please generate reverse zones for your forwards.
0
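The trap-host step in cgrey's answer (log inbound SMTP on the decoy mail.domain.com, then list each sender in the real MX's access map), sketched as an added example that is not part of any poster's answer. The log line shape, the function names and the `never_block` allow-list are assumptions; the sample log and access file are constructed, and only IPv4 relays are handled.

```python
import ipaddress
import re

# Constructed sample: sendmail log lines as the decoy host might record them
# (addresses come from the documentation ranges).
SAMPLE_LOG = """\
Sep 14 10:00:01 mail sendmail[2101]: i8EA01aa002101: from=<a@example.net>, size=1200, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.7]
Sep 14 10:00:09 mail sendmail[2102]: i8EA09bb002102: from=<b@example.org>, size=900, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl-9.example.org [198.51.100.9] (may be forged)
Sep 14 10:01:30 mail sendmail[2103]: i8EA1Ucc002103: from=<a@example.net>, size=1300, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.7]
Sep 14 10:02:00 mail sendmail[2104]: i8EA20dd002104: from=<root@localhost>, size=300, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 14 10:02:05 mail sendmail[2105]: i8EA20dd002104: to=<root@localhost>, delay=00:00:05, mailer=local, stat=Sent
"""

# Constructed sample of the access source file already on the real MX.
SAMPLE_ACCESS = "Connect:198.51.100.9\tREJECT\n"

# Assumed log shape: inbound records carry from=... relay=name [ip] or relay=[ip].
RELAY_RE = re.compile(r"\bfrom=.*\brelay=(?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
KEY_RE = re.compile(r"^(?:Connect:)?(\d{1,3}(?:\.\d{1,3}){3})\s", re.M)


def trap_hits(log_text, never_block=()):
    """Unique IPv4 clients that sent mail to the trap, in first-seen order."""
    skip = [ipaddress.ip_network(n) for n in never_block]
    hits = []
    for line in log_text.splitlines():
        m = RELAY_RE.search(line)
        if not m:
            continue  # "to=" delivery records and unrelated lines
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # digits that do not form a valid address
        if ip.is_loopback or ip in hits or any(ip in net for net in skip):
            continue  # never list ourselves or allow-listed networks
        hits.append(ip)
    return hits


def new_access_lines(log_text, access_text, never_block=()):
    """Access-map source lines for trap hits that are not listed yet."""
    listed = set(KEY_RE.findall(access_text))
    return ["Connect:%s\tREJECT" % ip
            for ip in trap_hits(log_text, never_block)
            if str(ip) not in listed]


if __name__ == "__main__":
    print("\n".join(new_access_lines(SAMPLE_LOG, SAMPLE_ACCESS)))
```

Put your own networks and any partner relays in `never_block` so a misdirected legitimate message to the decoy cannot blacklist them; the emitted lines go into the access source file, which is then rebuilt into access.db with makemap.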
 

Author Comment

by:NoelKent
ID: 12067522
I think I'll work on implementing the different domains for pop3/smtp. Currently I'm using access.db to block all IPs from LACNIC and APNIC; we are a small company that works only within North America and we don't really care about email from those parts of the world, especially considering 95% of it we receive is spam.
0
 
LVL 6

Assisted Solution

by:anfi
anfi earned 41 total points
ID: 12174288
http://www.cs.niu.edu/~rickert/cf/
[...]
HACK(`require_rdns') -- reject mail from sites without valid reverse DNS. Access entries allow individual override. I don't recommend this. The amount of collateral damage is excessive. (pgp signature)
0
