OT: sendmail issue

Vernon Schryver vjs@calcite.rhyolite.com
Thu Nov 29 15:03:29 UTC 2007

> From: John Sutton 

> I would like to use a dnsbl lookup on connections to port 25
> but omit the lookup for (authenticated-only) connections to
> the MSA port 587.  In this way, my roaming users/dynamicIP
> users will not get locked out.  I cannot use FEATURE(delay_checks)
> because this defeats the DCC hack to disable DCC for SMTP AUTHed
> connections ;-(

What happens if you move the DNSBL checks from sendmail's FEATURE(enhdnsbl)
to dccm -B?

  - see the dccm man page on your system or 

  - if you have installed a recent version of dccm by running
     /var/dcc/updatedcc, then there is a /var/dcc/dcc_conf-new file 
     containing comments with an example DNSBL setting, as well as the 
     settings from your current dcc_conf file.

  - depending on your combination of white and blacklisting in the global
      /var/dcc/whiteclnt and per-user /var/dcc/userdirs/local/$USER/whiteclnt
      files, it might be necessary to add the following line to
	 option MTA-first

  - dccm checks not only the SMTP client IP address against the DNS
      blacklist as sendmail does, but also the SMTP Mail_From domain
      name, URLs in the message body, MX servers for Mail_From domain names,
      and DNS servers for Mail_From domain names and URLs.  That is wrong
      for some DNSBLs such as Spamhaus's PBL and ZEN that contain IP addresses
      of legitimate DNS servers.  When that is the case, precede the
      -B arg in DNSBL_ARGS in /var/dcc/dcc that specifies the DNSBL
      with -Bset:no-envelope -Bset:no-body -Bset:no-MX and/or -Bset:no-NS
      as needed.

Vernon Schryver    vjs@rhyolite.com
