[TriLUG] AOL's new email policy

Jon Carnes jonc at nc.rr.com
Sun Mar 30 01:04:32 EST 2003


Here is a typical example of mail that would be blocked by this setting:

  Bob at unc.edu sends out an email from his internal
  machine (betty.py.unc.edu), now unc.edu resolves fine, 
  but lets suppose that UNC does *not* setup external MX
  records for betty.py.unc.edu, or for that matter even
  A records for the server (since it is internal and
  supposedly un-reachable by direct connect to the
  outside).
  
  The user has a default mail setup on the box so it sends
  out mail as Bob at betty.py.unc.edu.  The address is
  technically valid and it will work inside of unc.edu
  just fine. Anyone outside of unc.edu should simply
  reply to Bob at unc.edu.

  Still the mail comes out and it has a hostname that 
  cannot be verified by DNS (outside of unc.edu). 
  Your mail server tosses Bob's email away. You don't
  get your invitation to Bob's party.  You miss the
  blow-out of the year.

There are a lot of other examples involving Lotus Notes email servers
and MS Exchange servers not being setup properly (or being setup as
properly as their vile creators will allow).  The point is that if you
enable this, you will still get spam, and you will also block legitimate
email.

How will you still get spam?  90%+ of that stuff comes from a valid
host.  Maybe not the *real* host that it originated from, but from a
nicely chosen faked domain that really exists. 

If you want to stop spam - use SpamAssassin.

On Sat, 2003-03-29 at 23:10, Joseph Tate wrote:
> I think you're reading this wrong.  This only rejects if the sender's 
> e-mail address contains an unresolvable domain.  At least that's what I 
> think MAIL FROM means.  I'm not an SMTP expert though.
> 
> In any case, as with the telephone, e-mail is only reliable if there is 
> some feedback.  If it's important, the sender will make a second effort 
> to relay the message.  If it's not important, I don't want to read it 
> anyway.  Now, I'm not trying to solicit business from this address, and 
> therefore I care less if I don't know about an e-mail that I miss than I 
> would on my business e-mail account (not hosted at home).
> 
> Joseph
> 
> Jon Carnes wrote:
> > In the sendmail.mc file this option is referred to as:
> >    FEATURE(`accept_unresolvable_domains')dnl
> > 
> > If you change that to:
> >    dnl FEATURE(`accept_unresolvable_domains')dnl
> > 
> > then you will comment that "feature" out and Sendmail will now test all
> > emails for resolvable hosts.  It will add the line: 
> >    Kresolve host -a<OK> -T<TEMP> 
> > to sendmail.cf.
> > 
> > Having said that... Don't do it!
> > 
> > A lot of folks have f**ked up MTA's that DO NOT report their domains
> > correctly. If all you talk to are folks running Unix based Mail servers
> > that are setup properly, then you will get all your mail, otherwise you
> > will bounce a lot of legitimate mail from innocent folks who just happen
> > to work for companies with incompetent Postmasters.
> > 
> > Use SpamAssassin.
> > 
> > Jon
> > 
> > On Fri, 2003-03-28 at 17:09, Turnpike Man wrote:
> > 
> >>I have been told for the longest time that editing the sendmail.cf file
> >>directly is some kind of horrible sin, thus I avoid touching it.  (looks pretty
> >>overwhelming to me anyway).  I was taught to edit sendmail.mc and apply via m4.
> >>
> >>laters,
> >>David M.
> >>
> >>--- Joseph Tate <jtate at dragonstrider.com> wrote:
> >>
> >>>In my sendmail.cf I have:
> >>># Resolve map (to check if a host exists in check_mail)
> >>>Kresolve host -a<OK> -T<TEMP>
> >>>
> >>>It's been so long since I've set up the server that I don't remember how 
> >>>that got there.  Maybe it is default.  Check to see if it's in your 
> >>>sendmail.cf file.
> >>>
> >>>I can't seem to find anything in my .mc file that would translate to 
> >>>that, but it is part of the /usr/share/sendmail-cf/cf/generic-linux.cf file.
> >>>
> >>>I just know that I get messages every so often in my logwatch that 
> >>>"REJECT: domain of sender does not exist"
> >>>
> > 
> > 
> > 
> > _______________________________________________
> > TriLUG mailing list
> >     http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ:
> >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> 
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html




More information about the TriLUG mailing list