the Verisign wildcard, dccm, and sendmail.mc/.cf

Vernon Schryver vjs@calcite.rhyolite.com
Sun Sep 28 20:23:19 UTC 2003


I've been using the enclosed in a .mc file to reject mail from
undefined .net and .com domains despite the Verisign wildcard.

It restores the effects of `misc/hackmc -A` if you are not using
the BIND patch defense against Verisign's action. 
If you prefer to only reject and not report mail with invalid sender 
domains, replacing the penultimate line with the following should work:

R$* $| 64.94.110.$*	$#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"

The enclosed lines also reject mail from user@[1.2.3.4].
The lines assume FEATURE(dcc).


Vernon Schryver    vjs@rhyolite.com



LOCAL_CONFIG
Kverisign dns -R A -r 5

LOCAL_RULESETS
SLocal_check_mail
R$*			$: $1 $| $&{dcc_mail_host}
R$* $| [$*]		$# $(macro {dcc_isspam} $@ "reject likely spam from numeric sender "$2" to DCC" $) TODCC
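# deal with Verisign's attack: resolve the sender domain via the verisign map;
# an A record in 64.94.110.* is the wildcard answer, so the domain is undefined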
R$* $| $*		$: $1 $| $(verisign $2 $)
R$* $| <TMP>		$#error $@ 4.7.1 $: "451 Temporary DNS failure"
R$* $| 64.94.110.$*	$# $(macro {dcc_isspam} $@ "5.1.8 553 Domain of sender address " $&f " does not exist  Sent to DCC" $) TODCC
R$* $| $*		$: $1
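
The decision logic of the enclosed rules, modelled in Python as an added example (not part of the original post, and not sendmail or DCC code) so the cases can be checked offline before loading the ruleset. The resolver callback, the sample domains and addresses, and the handling of the null sender are assumptions of this model.

```python
import ipaddress

# The rule pattern "64.94.110.$*" is a string prefix match, i.e. this /24.
WILDCARD_NET = ipaddress.ip_network("64.94.110.0/24")

class TempFail(Exception):
    """Temporary DNS failure (the <TMP> case in the ruleset)."""

def check_mail(sender, resolve_a):
    """Model of the Local_check_mail rules; returns (action, reply).

    resolve_a is a hypothetical callback: domain -> list of A-record strings,
    [] when the name has no A record, raising TempFail on a DNS timeout.
    """
    domain = sender.strip("<>").rpartition("@")[2].lower()
    if not domain:
        # Assumption of this model: null sender <> is passed without a lookup.
        return ("accept", "")
    if domain.startswith("[") and domain.endswith("]"):
        # user@[1.2.3.4]: rejected before any DNS lookup.
        return ("reject", "likely spam from numeric sender " + domain[1:-1])
    try:
        addrs = resolve_a(domain)
    except TempFail:
        return ("tempfail", "451 4.7.1 Temporary DNS failure")
    if any(ipaddress.ip_address(a) in WILDCARD_NET for a in addrs):
        return ("reject",
                "553 5.1.8 Domain of sender address %s does not exist" % sender)
    # Anything else falls through to the remaining checks, as in the last rule.
    return ("accept", "")

# Constructed sample data standing in for DNS; not real lookups.
SAMPLE_A = {
    "example.com": ["192.0.2.10"],
    "no-such-domain.example.net": ["64.94.110.11"],  # constructed wildcard answer
}

def sample_resolver(domain):
    if domain == "timeout.example.com":
        raise TempFail(domain)
    return SAMPLE_A.get(domain, [])

if __name__ == "__main__":
    for s in ("<a@example.com>", "<a@no-such-domain.example.net>",
              "<a@[1.2.3.4]>", "<a@timeout.example.com>", "<>"):
        print(s, "->", check_mail(s, sample_resolver))
```

A name with no A record at all is accepted by this model, matching the enclosed lines, which only catch answers inside 64.94.110.*.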


