Blacklists and rejecting mail with Sendmail



A long time ago I had found how easy it was to reject messages outright with Postfix that came from non-existent domains. You know… junk from asdflkjuasdlfkjh@imadethisupmyselfanditsnotregisteredanywhere.com

Well, since the mailserver at THIS site runs sendmail I wanted to fix sendmail the same as my home server. My home server is postfix based and uses fetchmail to pull from the website. Since I had the rules set to reject non-existent domains at home it would essentially strand messages in the account here at the website which would then need to be cleaned out manually.


I did some looking at the time and didn’t find a promising way to do it. I have felt more comfortable with postfix configuration than sendmail. So, I emailed support at the webhost and their answer (from Level 1 tech support if I recall) was along the lines of. Sorry, we can’t do that. If you can figure it out you might try it, but you’re on your own.

Thanks…

So, as I was investigating blacklisting lately I learned more about sendmail in the process….
For starters, I had not learned the “proper” way to configure sendmail before. I’d always made my changes directly to the sendmail.cf file a’la postfix’s main.cf…. apparently that’s the hard way to do things… there’s a file at /etc/mail/sendmail.mc that makes things MUCH easier. After changes to the template at sendmail.mc are made, then you can “re-generate” your sendmail.cf file by doing this…

m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

OK.. so among the things I was doing was adding blacklists to outright reject mail from various sending IP’s. Here’s an example of one line of this.

FEATURE(`dnsbl’, `sbl-xbl.spamhaus.org’, `”550 Mail from ” $&{client_addr} ” refused – see http://www.spamhaus.org/SBL/”‘)dnl

I should warn here to think through very carefully adding dynamic address blacklisting. In my situation I relay from a dynamic home address through my webserver, so…. dynamic address blacklisting would prevent that relaying…

Anyway…. here’s the magic setting to reject mail from unknown/nonexistent domains….

dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24×7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains’)dnl

dnl is the way you comment out a line and …. lo and behold the default setup from my isp had this feature enabled…. which meant that there was no check to verify if the sending domain was resolvable. It has tremendously cut down on my “caught in limbo” junk mail. For a period I was having to clear out ~200 messages through webmail every week or two. Now, it’s been a month and there are only ~12 messages that have been accepted by sendmail that postfix balked on.

So, anyway… the search for one problem wound up leading me to the answer to a 6 month old question…. nice when things converge like that.

   Send article as PDF   

Similar Posts