Sendmail MX record lookup

Status
Not open for further replies.

gkout

Technical User
Mar 10, 2003
43
GR
I'm trying to have sendmail check for MX records for outside boxes that connect to it and, if the host is not a mail server, to reject the connection. I know this is done in postfix (it checks to see whether the IP that connects has a valid DNS MX record and then acts accordingly). Does anyone have any idea how this can be done in sendmail?
Thanks
//George

 
You really don't want to reject if it's not listed as an MX server. Places like Hotmail and Yahoo have a different bank of servers for outbound mail that are not in the MX records like their inbound bank of mail servers are. Many people also use their ISP's mail server to "smart relay" their mail. Your configuration would reject that too. Why do people do smart relay? Because most places reject mail that originates from known dial-up/cable/DSL modem space (i.e. dynamic addresses).

In addition to a decent spam filter such as spamassassin, your best bet is to use the feature enhdnsbl and use a good blacklist such as sbl-xbl.spamhaus.org. Here's how to configure it in the sendmail.mc:

FEATURE(`enhdnsbl',`sbl-xbl.spamhaus.org',`"554 Email categorized as SPAM and blocked using Spamhaus SBL+XBL service - see " $&{client_addr}')
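
What the enhdnsbl lookup configured in the reply above does for each connecting client, as an added Python example that is not code from the thread or from sendmail: the client address is reversed, appended to the zone, and resolved, and only a 127.0.0.0/8 answer counts as a listing. The function names and resolver data are constructed for illustration, and treating 127.255.255.x as a query error follows Spamhaus's published convention rather than anything stated in the thread.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # zone named in the reply above
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumption: Spamhaus error codes


def dnsbl_query_name(client_addr, zone=ZONE):
    """Build the DNS name a DNSBL check resolves for a connecting address."""
    ip = ipaddress.ip_address(client_addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]                  # reversed octets
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]  # reversed nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_client(client_addr, resolve=system_resolver, zone=ZONE):
    """Return (verdict, answers); verdict is listed, not_listed or lookup_error."""
    answers = resolve(dnsbl_query_name(client_addr, zone))
    if not answers:
        return "not_listed", []
    parsed = [ipaddress.ip_address(a) for a in answers]
    in_range = [a for a in parsed if a in LISTING_NET]
    # Fail open: an error code, or an answer outside 127/8 (for example a
    # resolver that rewrites NXDOMAIN), must not be treated as a listing.
    if not in_range or any(a in ERROR_NET for a in in_range):
        return "lookup_error", answers
    return "listed", answers


# Constructed resolver data so the example runs offline (192.0.2.0/24 is
# documentation address space, not real listings).
SAMPLE_ZONE_DATA = {
    "10.2.0.192." + ZONE: ["127.0.0.4"],
    "20.2.0.192." + ZONE: ["127.255.255.254"],
    "30.2.0.192." + ZONE: ["203.0.113.9"],
}


def sample_resolver(name):
    return SAMPLE_ZONE_DATA.get(name, [])
```

Calling `check_client(addr)` without a resolver argument performs a real DNS query through the system resolver.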
 
OK, my handle gkout has a problem. This is my new handle.
I'll give you an output from an SMTP connection to make clear what I mean. The domain has been replaced....
Although open relay is denied and spamassassin is running (along with RBL checks), the issue here is that I can send an email as a NON-existent user of the domain to an existent user of this domain. This means that someone can send spam messages to the users of the domain.
How can I stop this?
The MX lookup along with a reverse lookup was an idea I had...

==========================================================
220 somedomain.com ESMTP Sendmail 8.13.2/8.13.2; Sat, 15
ehlo there
250-somedomain.com Hello somehost.someISP.com [xxxxx]
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 10000000
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
mail from: me@somedomain.com
250 2.1.0 me@somedomain.com... Sender ok
rcpt to: gkout@somedomain.com
250 2.1.5 gkout@somedomain.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
testing
.
.....message accepted for delivery
=========================================================
 
Well that's the drawback of SMTP. The way your system is configured, the sender must pass the following tests:
1) sending domain exists
2) recipient exists
3) virus scanning passes (assuming you use clamav with a milter)
4) spam scanning passes (assuming you use spamassassin with a milter)

Since it passes all 4 above tests, maybe you should also consider using the spamhaus blacklist checks. That will actually occur as step 0, before any of the others listed above. That prevents a large number of messages from even having to be scanned.
 
Well, I regret to say that I will give up sendmail and switch over to postfix.
It's a very powerful MTA and has sender existence checking (restrict_unverified_sender)
and it also disallows users that come from outside from using our domain. So mail forgery of type postmaster@ourdomain.com is not allowed!!! It also restricts our domain users from using another domain to send mail!!! And it is all configured so easily. Isn't that great???
So long sendmail....
 