Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Sendmail and DNS host checking

SOLVED
Go to solution
Ron Brown_2
Frequent Advisor

Sendmail and DNS host checking

How can I disable DNS lookups when hosts attempt to connect to our mail gateway running HP-UX 11.00 and Sendmail version 8.11.1, config V9/Berkeley?
should work...
9 REPLIES
Geoff Wild
Honored Contributor

Re: Sendmail and DNS host checking

You can't really - other then shutdown the sendmail daemon.

You could limit it - so that DNS isn't configured at all on the server.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Ron Brown_2
Frequent Advisor

Re: Sendmail and DNS host checking

I believe, though, that disabling DNS would effectively stop all mail delivery. That would be bad.
should work...
Chan 007
Honored Contributor

Re: Sendmail and DNS host checking

Ron,

Check this file

/etc/mail/service.switch

007
Geoff Wild
Honored Contributor

Re: Sendmail and DNS host checking

Not really - as you would go by what is in your /etc/hosts file.

See:

http://aplawrence.com/Bofcusm/22.html

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Geoff Wild
Honored Contributor

Re: Sendmail and DNS host checking

Uh - cancel my last post - as I looked in the sendmail.cf file and saw this:

# service switch file (ignored on HP-UX, Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/mail/service.switch


Sorry about that...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Geoff Wild
Honored Contributor

Re: Sendmail and DNS host checking

Then again - you might want to test it - saw this in the FAQ:

http://www.sendmail.org/faq/section3.html#3.22

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Ron Brown_2
Frequent Advisor

Re: Sendmail and DNS host checking

service.switch appears to merely switch lookups from DNS first to hosts first.

Any e-mail originating outside our network is currently looked up in DNS to check the validity of the sending domain; anything that does not resolve gets rejected. I am trying to avoid that. I want all mail to be accepted. Yes, I have additional security in place to help prevent bad stuff.
should work...
Christopher Caldwell
Honored Contributor
Solution

Re: Sendmail and DNS host checking

Domain lookups happen in two places:
1) connection of the RELAY - modern sendmail configurations want the RELAY to be defined in DNS
2) MAIL FROM: the domain portion of the users from address must generally look up in DNS.

You can bypass these features.

Get familiar with the README in
/usr/contrib/sendmail/usr/newconfig/etc/mail/cf

look at the accept_unresolvable_domains feature and the

You may need more. If you do, test commenting the
check_mail
check_rcpt
check_relay
rules in sendmail.cf. You won't need them all. If you're scared of M4/ you'll find gen_cf in a subdirectory of
/usr/contrib/sendmail/usr/newconfig/etc/mail//cf/cf
it uses menus.

These techniques bypass many of the anti-spam rules in sendmail.

If you've got more questions, ask 'em.
Ivan Ferreira
Honored Contributor

Re: Sendmail and DNS host checking

Yes, accept_unresolvable_domains is your option, you can try configuring sendmail using /usr/newconfig/etc/mail/cf/cf/gen_cf.


Use space as separator for the options.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?