how to bock mailservers that have only an ip address

[John Rudd]

On Apr 30, 2006, at 6:45 AM, kte at nexis.be wrote:

> I  there a way to block server who don't have an DNS name but only 
> resolve to an ip address in sendmail?

As you can see, other people like the require_rdns.m4 sendmail hack.  I 
prefer using filter_sender in mimedefang:

1) require_rdns has different return codes than I want for different 
cases (yes, I could modify require_rdns, but then that gets into 
hacking a hack which gets bad for long term maintainability)

2) I'm not sure if require_rdns can be made to exempt those in certain 
IP blocks, those who have done SMTP-AUTH, etc ... but mimedefang can 
(that's why I do the check in filter_sender instead of filter_relay).

3) mimedefang lets you do LOTS of other checks, is incredibly flexible, 
and you modify behaviors in perl instead of sendmail cf expressions ... 
I much prefer perl to sendmail cf files.  It can check for recipients 
on remote relays (similar to milter-ahead), HELO/EHLO verification, and 
even attachment filename/filetype checks, anti-virus checks, and 
SpamAssassin.


Last week I posted a URL to my mimedefang-filter (which is where all of 
your site-specific perl code goes).  I'm about to re-do it, though 
(clean up the code some, move some code around to sub-routines so it's 
easier to customize certain details, have different versions for people 
who may want to skip virus/attachment/anti-spam checks if they're doing 
that somewhere else, etc.).  I'll post about the update in a couple 
days.