[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SLUG] Spam creaping through
On Fri, Jun 01, 2001 at 01:04:36PM +1000, Peter McCarthy wrote:
> I read that sendmail will automatically reject email that does not have a host
> name that resolves, however this does not seem to be working for the following
Depending upon your configuration, but yes, it can be configured to
reject mail from which do not resolve. Note that this is based on the
envelope, not the message headers. This is a common cause of confusion.
The envelope addresses are those passed in the `mail from' and `rcpt to'
smtp commands. Here's an example:
[firstname.lastname@example.org ~]$ telnet wombat.vastsystems.com.au 25
Connected to wombat.vastsystems.com.au (192.168.1.1).
Escape character is '^]'.
220 vastsystems.com.au ESMTP Sendmail 8.11.0/8.11.0; Fri, 1 Jun 2001 17:17:11 +1000
250-wombat.vastsystems.com.au Hello IDENT:email@example.com [192.168.1.16], pleased to meet you
mail from: firstname.lastname@example.org
250 2.1.0 email@example.com... Sender ok
rcpt to: firstname.lastname@example.org
250 2.1.5 email@example.com... Recipient ok
354 Enter mail, end with "." on a line by itself
250 2.0.0 f517HLs01938 Message accepted for delivery
221 2.0.0 wombat.vastsystems.com.au closing connection
Connection closed by foreign host.
And this is what the message I receive looks like:
From firstname.lastname@example.org Fri Jun 1 17:17:49 2001
These two headers have the address given in the `mail from' command.
Received: from dropbear.vastsystems.com.au
by wombat.vastsystems.com.au (8.11.0/8.11.0) with ESMTP id f517HLs01938
for email@example.com; Fri, 1 Jun 2001 17:17:23 +1000
This one has the address given in the `rcpt to', but it's not always
present. Even if it is, if there are multiple recipients, only one will
Date: Fri, 1 Jun 2001 17:17:23 +1000
I didn't provide a `Date:' or `Message-Id:' header, so sendmail inserts
And here are the headers I actually provided. Note that they're
garbage, and even though I have sendmail configured to block mail if the
sender's domain doesn't resolve, that check is done on the envelope
address, not the `From:' header.
> We quite frequently receive an email from firstname.lastname@example.org with an attachment
sexyfun.net exists, but as I've explained above, that's irrelevant. The
envelope address is what matters.
> that is a virus.
> I have the filter inplace to block this address but it still manages to get
How have you configured your filter? Is it filtering on message header
> Jun 1 13:04:19 mail sendmail: NAA24597: from=<>, size=33261, class=0,
> This explains why it get past the filter, but no why sendmail doesn't
> automatically bin it as the send address does not reslove.
The null address is a special case. Are you *certain* that you're
looking at the right log entry?
> Any ideas on how I should attack this ?
Send us your sendmail.mc (and filter rules if they're not in
sendmail.mc). Also, which version of sendmail are you using?
> Also how do I specify the MaxMessageSize parameter to be a value using the
> sendmail.mc file ?
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug