Rusty Nejdl

In my /etc/mail/access file, I have:

ded.swbell.net REJECT

and today, I received this spam message:

Return-Path: <meggoiwan_ik4561@check1check.com>
Received: from 65-70-26-18.ded.swbell.net (65-70-26-18.ded.swbell.net
[65.70.26.18] (may be forged))
by tethys.ringofsaturn.com (8.12.10/8.12.10) with SMTP id
i0DLtGav090378
for <WEBMASTER@SATURNCONSULTING.COM>; Tue, 13 Jan 2004 15:55:17
-0600 (CST)
(envelope-from meggoiwan_ik4561@check1check.com)
Received: from [178.30.179.204] by 65-70-26-18.ded.swbell.net with
ESMTP id C19AC7BF8FC; Sun, 18 Jan 2004 10:56:27 +0000
Message-ID: <r$-1-5$-955$l4219@u4t0gr2us>
From: "Robyn Miller" <meggoiwan_ik4561@check1check.com>
Reply-To: "Robyn Miller" <meggoiwan_ik4561@check1check.com>
To: WEBMASTER@SATURNCONSULTING.COM
Subject: Code #674
Date: Sun, 18 Jan 04 10:56:27 GMT
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="9BD9CF_1730B..2"
X-Priority: 1
X-MSMail-Priority: High

which very much resolves correctly:

[tethys]:[4:07pm]:[/etc/mail] > host 65.70.26.18
18.26.70.65.IN-ADDR.ARPA domain name pointer
65-70-26-18.ded.swbell.net
[tethys]:[4:07pm]:[/etc/mail] >

So, why did sendmail allow this?


Also, another question I have is how to get sendmail to completely
ignore the HELO/EHLO line of what the server identifies itself as
because I just want to check the DNS of the host?

Thanks!
Rusty Nejdl
Hostmaster, Ring of Saturn

D. Stussy

On Tue, 13 Jan 2004, Rusty Nejdl wrote:
> [Access DB question deleted] ...
>
> Also, another question I have is how to get sendmail to completely
> ignore the HELO/EHLO line of what the server identifies itself as
> because I just want to check the DNS of the host?

Except for the received line issue (already mentioned in another response),
there should be nothing in the default configuration that is checking the domain
given on the EHLO/HELO introduction. The RFC's say that this information isn't
really supposed to be checked. There is one case where I will differ with the
RFC's: If a host not you (per its IP address from the TCP connection) says that
it is you. To check further will break another possible case: A multi-homed
server, which is always supposed to give its PRIMARY name on the HELO line, but
may have interfaces lying in different domains from that domain of its primary
hostname. With the multihomed MTA server, the IP lookup and that interface's
domain name may be consistent but not be the same as the HELO name.

I have heard that there are some e-mail clients (or servers acting as relays)
that give the destination hostname in their HELO lines instead of their own
identity. The authors of those packages should be drawn and quartered. IT's
not supposed to be "Hello <your name>" but "Hello, I am <my name>." Grrrrrr.