Re: A security issue of a different kind.

[alan () manawatu gen nz (Alan Brown)]

The anti mail-relaying stuff is discussed on page 194 of the sendmail
book ("refuse to act as a mail gateway").

I was mailed this fragment about 2 months back when discussing bad
domains. The delay was getting a chance to ask permission to repost it.

Here's the patch (to your sendmail.mc):
---
# added by Josh () actrix gen nz
# mail from the domains in /local/lib/mail/banned-domains.txt will berefused
FK /local/lib/mail/banned-domains.txt
R$* < @$*$=K . > $*             $#error $@ 5.7.1 $: "This domain isbanned."
R$* < @$*$=K > $*               $#error $@ 5.7.1 $: "This domain isbanned."
---

Also this:

I found it someplace off www.harker.com - they're pretty good for sendmail
generall.

----

Finally: I _STRONGLY_ recommend anyone running sendmail sets the privacy
options as follows in sendmail.cf

8.8.x (Linux flavour)

O PrivacyOptions=goaway,restrictmailq,restrictqrun

8.6.x (yes, bad enough in itself)

Op goaway,restrictmailq,restrictqrun

I've seen several spam sites try to walk my userlist via the smtp port,
which is why I removed vrfy/expn. They're not needed and can give away
far too much information.

BTW, I've had in excess of 100 items from earthstar.com and isp-inter.net
in the last week. The latest is from earthstar's management, advertising
themselves as a spam haven. Complaints to Sprint so far have been
ignored. (Sprint provide their connectivity.)

AB