[Mimedefang] How to block based on bad dns resolution names?

Thu Mar 11 08:37:44 EST 2004

David Fowler wrote:
> 
> Here's one that I would love to crush, filter, destroy:
> 
> Received: from smtpikdpivfmvm02w.worldwidemailserver.com (localhost
> [203.210.222.130] (may be forged))

Do it in sendmail -- its trivial!

Generic code is below. (Don't forget to put tabs in between LHS and RHS of rules.) A word of caution: Few legit MTAs have no hostname, but you would be surprised how many have forged hostnames -- especially the big banks.

Hope this helps.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

divert(-1)dnl
# Copyright (c) 2002 by Advanced Systems Engineering Technology. All Rights Reserved.
#
# ------------------------------------------------------------------
# CONNECTION CHECKING LOGIC
# ------------------------------------------------------------------
#
divert(0)dnl
LOCAL_RULESETS
#
# CkRelay (checks for valid hostname)
#
# It is assumed that this routine is called from Local_check_relay
#
SCkRelay
R $*		$: $&{client_resolve}
R OK		$@ OK		now do other checks
R TEMP		$#error $@ 4.7.1 $: "451 Temporary lookup failure of hostname for connection to IP " $&{client_addr}
R FAIL		$#error $@ 5.7.1 $: "551 Sorry, but we do not accept email from systems without a hostname. Cannot find a hostname for IP "$&{client_addr}". Please fix your DNS and try again."
R FORGED	$#error $@ 5.7.1 $: "551 Sorry, but we do not accept email from systems whose hostnames cannot be validated. Your hostname reports as being forged. Please fix your DNS and try again."
R $* 		$#error $@ 4.7.1 $: "451 Temporary lookup failure of hostname for connection to IP " $&{client_addr} ". Unknown client_resolve status="$&{client_resolve}
#
# Local_check_relay
#
SLocal_check_relay
#
# check for valid hostname
#
R $*		$: $>CkRelay

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.