require_rdns.m4 whitelist users & IP for sendmail.
Tested OK. This lets an MTA without valid rDNS send mail to a specific local user. (blah blah reasons...)
Work in the "/etc/mail" folder (e.g. on Fedora).
First, enable 'require_rdns.m4' in the sendmail.mc configuration, with REJECT as the second (default) option.
HACK(`require_rdns',`REJECT')dnl
Watch out for the difference between the back quote ( ` ) and the single quote ( ' ). This line enables the rDNS check in sendmail.
Read the instructions in rdns.m4 for more detail from the author.
Then whitelist specific users and IPs in the access map, so that no rDNS check applies to them.
rdns:fooUserName OK
rdns:11.22.33.44 OK
rdns:noFooMail REJECT
'OK' means no rDNS challenge during mail transfer; 'REJECT' means the rDNS check is required.
The final steps are to rebuild the access map and regenerate sendmail.cf from the m4 file.
makemap hash access.db < access
and
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restart
Congratulations!! rDNS with whitelist check is enabled. Incoming mail to the 'noFooMail' user
will be rDNS challenged. Mail written to 'fooUserName', or sent by the MTA at 11.22.33.44,
will not be checked by the rDNS rule. Especially when there is a bogus mail filter or some blah
blah request foo on rDNS. (WTH, why don't u add an MTA filter with valid MX record and IP
records? u foo 'synn*x'!)
Great thanks to the rDNS hack's author, this technique really does help to block spammers.
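Added example, not part of the original post or of the require_rdns hack: a shell pre-check to run before the rebuild step above. It flags a misquoted HACK line in sendmail.mc and rdns: access entries with an unexpected value or a repeated key. The function names are hypothetical, the sample files are constructed, and it assumes OK and REJECT (the values used above) are the only expected values.

```shell
#!/bin/sh
# Added example (not from the post): lint the two hand-edited files before
# running makemap and m4. Assumption: only the values the post uses (OK, REJECT).

# 0 = HACK line present with m4 quoting (` opens, ' closes),
# 1 = a require_rdns HACK line exists but is misquoted, 2 = no such line.
check_hack_quoting() {
    if grep -Eq "^HACK\(\`require_rdns'(, *\`[A-Za-z]+')?\)" "$1"; then
        return 0
    elif grep -q '^HACK(.*require_rdns' "$1"; then
        return 1
    fi
    return 2
}

# Print rdns: entries with a missing/unknown value or a repeated key
# (keys compared case-insensitively). Returns 0 when clean, 1 otherwise.
lint_rdns_entries() {
    awk '
        !/^rdns:/ { next }
        NF != 2 || ($2 != "OK" && $2 != "REJECT") {
            print "line " NR ": bad value: " $0; bad = 1 }
        seen[tolower($1)]++ {
            print "line " NR ": duplicate key: " $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: a misquoted HACK line and a flawed access file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "HACK('require_rdns','REJECT')dnl" > "$d/sendmail.mc"
    printf 'rdns:fooUserName\tOK\nrdns:11.22.33.44\tOKAY\nrdns:foousername\tREJECT\n' > "$d/access"
    rc=0; check_hack_quoting "$d/sendmail.mc" || rc=$?
    echo "HACK quoting status: $rc"
    lint_rdns_entries "$d/access" || echo "access file needs fixing"
    rm -rf "$d"
}
demo
```

Point the two functions at /etc/mail/sendmail.mc and /etc/mail/access and only run makemap and m4 when both return 0.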