Sendmail - How to only relay if mx resolves for sender.
Basically, I want to configure sendmail to only relay e-mails destined for my network by resolving the from domain's mx record to that of the sending server.
I think doing this would significantly reduce spam. For example, I send an e-mail from my home system with sendmail, the from domain is hotmail.com. So, when I resolve hotmail's mx records and it comes back with:
hotmail.com mail exchanger = 5 mx3.hotmail.com.
hotmail.com mail exchanger = 5 mx4.hotmail.com.
hotmail.com mail exchanger = 5 mx1.hotmail.com.
hotmail.com mail exchanger = 5 mx2.hotmail.com.
mx1.hotmail.com internet address = 188.8.131.52
mx1.hotmail.com internet address = 184.108.40.206
mx1.hotmail.com internet address = 220.127.116.11
mx1.hotmail.com internet address = 18.104.22.168
mx2.hotmail.com internet address = 22.214.171.124
mx2.hotmail.com internet address = 126.96.36.199
mx2.hotmail.com internet address = 188.8.131.52
mx2.hotmail.com internet address = 184.108.40.206
mx3.hotmail.com internet address = 220.127.116.11
mx3.hotmail.com internet address = 18.104.22.168
mx3.hotmail.com internet address = 22.214.171.124
mx3.hotmail.com internet address = 126.96.36.199
mx4.hotmail.com internet address = 188.8.131.52
mx4.hotmail.com internet address = 184.108.40.206
mx4.hotmail.com internet address = 220.127.116.11
mx4.hotmail.com internet address = 18.104.22.168
So unless the sender's IP address is equal to that of the list above, it will reject it.
Does anybody have any experience with this and know how I can go about doing this?
He's right, MX records tell you where to send mail, not where to expect it from; so they aren't going to help you detect spoofing. Remember POP, IMAP, & SMTP are 3 different services, w/ 3 different port numbers, potentially running on 3 different servers.
What you want to do is a technique which I do not know the official name for. Informally, I call it "double reverse DNS lookup" & I'd like to know what its real name is. It is in common, but not universal, use & works like this:
Do a reverse DNS lookup on the originating IP, then do a forward (regular) DNS lookup on the result. The result should match the original IP; if not, suspect spoofing & bounce. Please don't ask me how to implement this or what to do if the e-mail headers contain a long chain of, possibly spoofed, IP addresses.
This technique fails for legitimate mail sources that have several physical servers (w/ unique IPs) lumped under 1 domain name. The result is that an apparently bogus IP is returned for all but the 1 server pointed to by the domain name. I have been told that somewhere in the RFCs that define the 'Net, there is a rule that says this shouldn't happen -- that all boxen like this should have unique domain names; but there are no "domain name police" to enforce this, and it does not break things often enough to motivate everyone who causes the problem to immediately fix it. My ISP is a prime example & the result is that I have one friend to whom I can't send e-mail at his work address, because his employer does this kind of filtering.
Perhaps someone can enlighten us about both the name & implementation.
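The lookup sequence described in the reply above is commonly called forward-confirmed reverse DNS (FCrDNS). The following sketch is an added example, not code from the thread or from sendmail: the function names and the sample DNS tables are constructed for illustration, and it compares the client IP against every address the PTR name resolves to, so a name with one A record per server passes while the shared-name case described above still shows up as a mismatch.

```python
import ipaddress
import socket

# Constructed sample DNS data (documentation address space), so the check runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["mx1.example.net"],
    "192.0.2.20": ["pool.example.net"],    # name with one A record per server
    "192.0.2.30": ["shared.example.net"],  # several servers share a name with one A
    "192.0.2.40": ["ghost.example.net"],   # PTR target does not resolve
}
SAMPLE_A = {
    "mx1.example.net": ["192.0.2.10"],
    "pool.example.net": ["192.0.2.20", "192.0.2.21"],
    "shared.example.net": ["192.0.2.31"],
}

def system_reverse(ip):
    """PTR lookup through the system resolver; returns hostnames ([] on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns addresses ([] on failure)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(client_ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, hostname): pass, no_ptr, forward_fail or mismatch."""
    ip = ipaddress.ip_address(client_ip)
    names = reverse(str(ip))
    if not names:
        return "no_ptr", None
    verdict = "forward_fail"
    for name in names:
        addrs = forward(name)
        if not addrs:
            continue
        verdict = "mismatch"
        # Compare against every address the name has, not just the first one.
        for addr in addrs:
            try:
                if ipaddress.ip_address(addr) == ip:
                    return "pass", name
            except ValueError:
                continue  # skip anything that is not a plain IP literal
    return verdict, names[0]
```

Called with only the client IP, `fcrdns` uses the system resolver; passing `SAMPLE_PTR.get`-style lookups as `reverse` and `forward` exercises the same logic against the constructed tables.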