- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- sendmail challenge!!!!! validate dns
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 07:56 AM
тАО01-14-2003 07:56 AM
sendmail challenge!!!!! validate dns
So that if schmobagel@aol.com sends me mail its accepted because aol.com exists
But if shmuel@schmobagel.com sends me mail its rejected.
This would be a very effective spam filter.
What I need is as follows:
1) A tested scenario. This means you've actually done it. I'll give points for suggestions, but if you want 10 you need to provide a tested, step by step plan run on either HP-UX or Linux.
2) Details
For example, add following directives to senmail.mc rebuild the hash db(I know how but does everyone else?)
If you don't think this is possible, try sending mail to aol from an unregistered domain name, even if the sending email address is perfectly valid. Do it on the command line and see what response you get.
/usr/sbin/sendmail -v -d8.99 -d38.99 stevenprotter"at"juf.org (hpux mod it for linux) choose a real aol.com email address btw.
I will not follow the rules and say this in a shout.
I WANT MY SERVER TO DO THAT!
Regards,
Steve
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:00 AM
тАО01-14-2003 08:00 AM
Re: sendmail challenge!!!!! validate dns
I know the changes have to be partially here, so I'll give you astarting point.
Sorry no attachment, don't have that kind of access.
The names if the innocent IP addresses have been randomized.
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=69.92.183.164, Name=MTA')
DAEMON_OPTIONS(`Port=smtp,Addr=69.92.183.167, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
# FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwinvestmenttool.com
Cwisnamerica.comdnl DOMAIN(investmenttool.com) dnl
MASQUERADE_AS(investmenttool.com)dnl
MASQUERADE_DOMAIN(investmenttool.com)dnl
MASQUERADE_DOMAIN(isnamerica.com)dnl
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:06 AM
тАО01-14-2003 08:06 AM
Re: sendmail challenge!!!!! validate dns
some points:
- which version of sendmail are you using / do you plan to use?
- testing the part in the from: header does not protect against spammers at all since spammers are used to forge headers
- what you want is validating if the ip address of the system connecting to your sendmail can be resolved. and from sendmail 8.9.3 upwards this check is done always except you disable it (I think its option 9 in the sendmail gen_cf script: allow unresolvable domains).
Regards,
Joche
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:14 AM
тАО01-14-2003 08:14 AM
Re: sendmail challenge!!!!! validate dns
Believe it or not, I never tried it on HP-UX yet.
I'll backup and try it on HP-UX it might give me the directives I need for Linux as well.
Sendmail versions.
Probably the latest.
[1832#] what /usr/sbin/sendmail
/usr/sbin/sendmail:
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its licensors,
including Sendmail, Inc., and the Regents of the
University of California. All rights reserved.
version.c 8.9.3.1 (Berkeley) 8/10/2001 (PHNE_25184)
Since there is no what command on Linux, I can't answer that question so eaily.
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:17 AM
тАО01-14-2003 08:17 AM
Re: sendmail challenge!!!!! validate dns
I am not sure about Linux sendmail but doing a telnet to port 25 provides the version of sendmail / config file and the active patch level on HP-UX.
Regards,
Jochen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:44 AM
тАО01-14-2003 08:44 AM
Re: sendmail challenge!!!!! validate dns
8.11.1
Kresolve host -a
Make sure the above ruleset is uncommented. You should get this by default unless you built sendmail.cf with accept_unresolvable_domains.
8.9.3 Uncomment these rulesets under check_mail
# lookup IP address (reverse mapping available?)
# R$*<@[$+]>$* $: $1 < @ $[ [ $2 ] $] > $3
# no DNS entry? this is dangerous!
# R$*<@$*$~P>$* $#error $@ 4.1.8 $: 418 unresolvable host name $2$3, check your
configuration.
(At this point, you should have enabled all of the anti-spam rulesets in sendmail.cf for 8.9.3).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:45 AM
тАО01-14-2003 08:45 AM
Re: sendmail challenge!!!!! validate dns
A couple of interesing things.
# FEATURE(`accept_unresolvable_domains')dnl
I should not accept mail from unresolvable domains. Trust me, my Linux server is getting mail from unresolvable domains.
Is this due to forged headers?
I'll do that.
on UX though.
/usr/newconfig/etc/mail/cf/cf/gen_cf
The configuration file is: sendmail.cf.gen
Press Return key to continue....
I hit return
Select the options below with space as the separator
1: generate sendmail.cf with Relay ON [ Includes 9 10 13 options ]
2: generate sendmail.cf with Relay OFF [ Default sendmail.cf file ]
3: generate sendmail.cf with Relay_entire_domain
4: generate sendmail.cf with Relay_based_on_MX
5: generate sendmail.cf with Relay_hosts_only
6: generate sendmail.cf with Access_db
7: generate sendmail.cf with Relay_local_from
8: generate sendmail.cf with Blacklist_recipients
9: generate sendmail.cf with Accept_unresolvable_domains
10: generate sendmail.cf with Accept_unqualified_senders
11: generate sendmail.cf with Realtime Blackhole List
12: generate sendmail.cf with Loose_relay_check
13: generate sendmail.cf with Promiscuous_relay
h: Help [ Number ] [all]
x: Exit from selection
choose option 9'
9
Including accept_unresolvable_domains
cat: Cannot open generic-hpux10.changed: No such file or directory
Building .. sendmail.cf.gen file
/usr/ccs/bin/m4:-:1 can't open file
Kind of wondering whats going on here.
Steve
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 08:48 AM
тАО01-14-2003 08:48 AM
Re: sendmail challenge!!!!! validate dns
220 investmenttool.com ESMTP Sendmail 8.11.6/8.11.6; Tue, 14 Jan 2003 10:46:42 -
0600
As is the usual case, more bleeding edge.
Steve
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 09:01 AM
тАО01-14-2003 09:01 AM
Re: sendmail challenge!!!!! validate dns
The Linux one is not.
I will have to go home, and run some tests on the mail I've sucked off the server into outlook, because I don't have any examples yet.
Steve
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2003 10:59 AM
тАО01-14-2003 10:59 AM
Re: sendmail challenge!!!!! validate dns
-give or take, the Linux and HP-UX sendmail.cf files should be _very_ similar. The difference is mainly in delivery agents. The rulesets you're concerned with should be the same.
-you _don't_ want to enable this feature:
# FEATURE(`accept_unresolvable_domains')dnl
-the configs are easier to see and understand on 8.11.1
-IIRC, 8.11.1 has two checks/points of control ... 1 to see if the IP of the relay is resolvable, 1 to see if the domain portion of the sender's e-mail is resolvable