[Mimedefang] Blocking Dictionary Attacks

Andrzej Adam Filip andrzej.filip at gmail.com
Fri Jun 5 02:20:05 EDT 2009


Les Mikesell <les at futuresource.com> wrote:

> afo cliff wrote:
>> Les,
>>
>> That's a great idea!  I tried it but no matter what I do, sendmail is
>> letting everything through.  Virtusertable is configured correctly in
>> sendmail.mc, also did the appropriate makemap.  I think something has
>> changed in sendmail (I have 8.13.8).  I've searched the world over 10
>> times and tried many different combinations in virtusertable &
>> mailertable and no matter what it relays everything.  I know it is
>> looking at the virtusertable because sendmail lets me know if I put an
>> error in the file.  The closest I can come is to use the access table
>> in a similar fashion.  That does work but I can't find a way NOT to
>> send a reject message.  That's one thing I don't want to do is to tie
>> up my server sending 10,000 rejects to a zombie somewhere.  If I use
>> the DISCARD command, then it tosses the whole email and nobody gets
>> it, even valid users.
>>
>> Is there some trick to making your suggestion work?
>
> In my case the MX server relaying in from the internet is not itself
> the delivery host.  It has the domains it receives for listed in
> local-host-names and the actual delivery destination is mapped in
> mailertable like:
> domain.com esmtp:[host.domain.com]
>
> (the []'s let you go to a name with an A  record or an IP instead of
> the default MX lookup)

mailertable is *NOT* consulted for domains listed in the list of local email
domains ($=w, local-host-names).

> Maybe you don't have the domain listed in local-host-names so sendmail
> thinks it must relay.  Virtual users and aliases are only checked for
> the domains it processes as local - but you can still relay for
> delivery.

virtusertable is consulted for local email domains ($=w) and
(non local) domains listed in $={VirtHost}.
Read carefully about side effects before using macros provided by
sendmail.org for filling $={VirtHost}.

You can fill $={VirtHost} "directly":

LOCAL_CONFIG
C{VirtHost}example.net

P.S.
The topic has been discussed a few times plus in news:comp.mail.sendmail
Search for the threads with _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
[it marks one recipe but you will find references to others by the way]

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu
Sic transit discus mundi
  -- From the System Administrator's Guide, by Lars Wirzenius


