More Spam? (was: Re: SOLVED Re: Dropping email on the floor?

Jeff Kinz jkinz at kinz.org
Wed Apr 20 00:48:22 UTC 2005 

On Tue, Apr 19, 2005 at 03:16:52PM -0700, Rick Stevens wrote:
> Jeff Kinz wrote:
> > Following that direction, as an experiment I added these two lines to
> > the sendmail.mc file:
> > FEATURE(`nocanonify')
> > FEATURE(`accept_unresolvable_domains')
> 
> UGH!  Those are bad moves.  HUGE amounts of spam and viruii come from
> unresolvable domains--that's one reason you don't want to accept such
> stuff.  Stop it before it gets into your spools and your spam bot or
> antivirus has to deal with it.
> 
> > Then rebuilt the sendmail config and restarted sendmail.
> > 
> > The problems seemed to stop almost immediately.
> 
> Well, sure.  You're accepting some bad stuff now.  We have simple rules
> here:  If you send us stuff that's not from a FQDN, if your domain
> doesn't resolve, if the IP you claim you're on doesn't reverse resolve
> or doesn't match what you claim your domain is, we reject it, log the
> IPs and such and file complaints.  We've gotten two /24 networks banned
> from the internet like that (the *ssholes were in China).
> 
> I can absolutely guarantee you'll see spam and viruses galore coming
> from China, Columbia, Korea and Brazil.
> 
> > As a final verification I will reverse this change and see if the same
> > symptom re-appears.
> 
> It will.
On Wed, Apr 20, 2005 at 01:38:16AM +0300, Kostas Sfakiotakis wrote:
> > FEATURE(`nocanonify')
> > FEATURE(`accept_unresolvable_domains')
>
> Jeff , isn't enabling the accept unresolvable domains
> Feature a door for spamming the server in question ?
> What would the sideeffects of that be ?

Rick and Kostas are both correct (except for .. see below).  Turning on
those two features in Sendmail does potentially allow more spam to reach
your systems.  It is not recommended except in dire cases.

The point in this case was to reduce the number and kind of DNS
queries Sendmail was making about the incoming emails. Turning on the
above features does that.  My ISP, Comcast, is experiencing, ahem, DNS
"difficulties" which, because the DNS lookups on email from certain sources
were failing, (others were/are having no problems) was preventing my
systems from getting large quantities of legitimate emails.  Now those
good emails are getting through.

re - the SPAM, well so far the increase has not been detectable and 
thanks to bogofilter its not showing up anywhere except the spam bin
(knocks on wood) so far, so good.

So - I have a question.  It appears that Comcast will never get its act
together enough to use its DNS services the way I need to.  Does anyone
have any suggestions on what other techniques I can use to implement a
better (more responsive/timely) DNS ?

-- 
Jeff Kinz, Emergent Research, Hudson, MA.

More information about the Redhat-install-list mailing list