[Mimedefang] Blocking Dictionary Attacks

Les Mikesell les at futuresource.com
Thu Jun 4 23:16:37 EDT 2009


afo cliff wrote:
> Les,
> 
> That's a great idea!  I tried it but no matter what I do, sendmail is
> letting everything through.  Virtusertable is configured correctly in
> sendmail.mc, also did the appropriate makemap.  I think something has
> changed in sendmail (I have 8.13.8).  I've searched the world over 10
> times and tried many different combinations in virtusertable &
> mailertable and no matter what it relays everything.  I know it is
> looking at the virtusertable because sendmail lets me know if I put an
> error in the file.  The closest I can come is to use the access table
> in a similar fashion.  That does work but I can't find a way NOT to
> send a reject message.  That's one thing I don't want to do is to tie
> up my server sending 10,000 rejects to a zombie somewhere.  If I use
> the DISCARD command, then it tosses the whole email and nobody gets
> it, even valid users.
> 
> Is there some trick to making your suggestion work?

In my case the MX server relaying in from the internet is not itself the 
delivery host.  It has the domains it receives for listed in 
local-host-names and the actual delivery destination is mapped in 
mailertable like:
domain.com esmtp:[host.domain.com]

(the []'s let you go to a name with an A  record or an IP instead of the 
default MX lookup)

Maybe you don't have the domain listed in local-host-names so sendmail 
thinks it must relay.  Virtual users and aliases are only checked for 
the domains it process as local - but you can still relay for delivery.

-- 
   Les Mikesell
    lesmikesell at gmail.com



More information about the MIMEDefang mailing list