
 Block Reverse DNS

Machines with no reverse DNS are not valid mail machines, and you couldn't reply to them anyway. Spammers typically use this kind of dialup box to insert spam into the net and then disappear. If they are valid users who run email on a dialup Unix box, they should know how to configure sendmail to use the provider's SMTP SMARTHOST. I actually had some wanna-be complain that our mail server was configured wrongly because he didn't have a reverse DNS and couldn't inject mail directly from his dialup winnux box. Maybe he better stick to windoze and huntwing wabbits!
# Use the following to rebuild
# cat tcp.smtp | tcprules tcp.smtp.cdb tcp.smtp.tmp
#
127.0.0.1:allow,RELAYCLIENT=""
10.1.1.1:allow,RELAYCLIENT=""
=:allow

The nifty startup script in /services/smtp/run ... watch out for the -H flag!
exec softlimit -m 8000000 tcpserver -S -R -c20 -p -x /d/vpopmail/etc/tcp.smtp.cdb -u 89 -g 81 0 smtp \
sh -c 'test -z "$TCPREMOTEHOST" && \
echo "451 Blocked - Reverse DNS queries for your IP fail. You cannot send me mail." || \
/var/qmail/bin/qmail-smtpd "$LOCAL" /d/vpopmail/bin/vchkpw /usr/bin/true splogger smtpd'

# Be careful: the evil -H stops reverse DNS from working! # JDS
# -H don't look up 
# -R don't look up 
# -p paranoid, do forward & reverse queries
#    (if you use the -p option, consider the -t option).
# -S http://matt.simerson.net/computing/mail/qmail/qmail.toaster.open-smtp_writeup.txt
# -t timeout value for dns lookups (in seconds) - default 26 seconds
# -c [num] number of simultaneous connections
# -l 0 something about localhostname which is not necessary
# -v verbose to STDOUT logging not needed with splogger


Do a 'services stop' and 'services start'. Probably not the right way to do it if you're afraid of missing one or two emails or have many corporate clients who rely on getting all their email.

Test it from machines with and without reverse DNS
ns.1rez.com:~$ telnet alamak.com.sg 25
Trying 202.56.144.85...
Connected to alamak.com.sg.
Escape character is '^]'.
220 alamak.com.sg ESMTP

purple:~$ telnet alamak.com.sg 25
Trying 202.56.144.85...
Connected to alamak.
Escape character is '^]'.
451 Blocked - Reverse DNS queries for your IP fail. You cannot send me mail.
Connection closed by foreign host.

Pretty cool huh?
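
The decision the run script makes, modelled in Python as an added example (not part of the original page or of tcpserver itself). It assumes tcpserver's documented behaviour that -H skips the PTR lookup and -p unsets $TCPREMOTEHOST when the name does not resolve back to the client IP; the function names and the sample DNS records are constructed for illustration.

```python
import socket

BLOCK_MSG = "451 Blocked - Reverse DNS queries for your IP fail. You cannot send me mail."

def system_ptr(ip):
    """PTR lookup through the system resolver; None when there is no reverse DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """IPv4 forward lookup through the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def remote_host(ip, flags="", ptr=system_ptr, addrs=system_addrs):
    """Model the value tcpserver exports as $TCPREMOTEHOST for a client IP.

    flags holds tcpserver option letters: 'H' skips the PTR lookup entirely,
    'p' (paranoid) drops the name unless it resolves back to the client IP.
    """
    if "H" in flags:
        return None
    name = ptr(ip)
    if name and "p" in flags and ip not in addrs(name):
        return None
    return name or None

def gate(ip, flags="", **resolvers):
    """What the run script's `test -z "$TCPREMOTEHOST"` decides for this client."""
    return "accept" if remote_host(ip, flags, **resolvers) else BLOCK_MSG

# Constructed records using RFC 5737 documentation addresses, not real hosts.
PTR = {"192.0.2.10": "mx.example.org", "192.0.2.20": "forged.example.org"}
A = {"mx.example.org": ["192.0.2.10"], "forged.example.org": ["198.51.100.7"]}
SAMPLE = {"ptr": PTR.get, "addrs": lambda name: A.get(name, [])}

if __name__ == "__main__":
    for ip, flags in [("192.0.2.10", "p"), ("192.0.2.30", "p"),
                      ("192.0.2.20", ""), ("192.0.2.20", "p"), ("192.0.2.10", "Hp")]:
        print(f"{ip:12} flags={flags or '-':3} -> {gate(ip, flags, **SAMPLE)}")
```

Called without the `ptr`/`addrs` overrides, `gate("<client IP>", "p")` uses the system resolver, which is a quick way to check whether a sender's address would pass before the service is restarted.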
