stop spam from made-up domains
Recently I was poking around a very spam-besieged server running RedHat Linux and noticed that the default sendmail configuration included these lines:
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
This is a stupid default for the current spam climate. These days, we’re seeing tons of spam traffic from completely bogus domains. We can safely reject all that email without subjecting possibly legit entitities to bounce messages. In most cases, you’re going to be much better off if you comment this feature:
dnl # FEATURE(`accept_unresolvable_domains')dnl
rebuild sendmail:
make -C /etc/mail
and restart it:
service sendmail restart or sendmail.restart
But the comment is a little confusing and may scare some novice sysadmins into leaving the feature enabled.
However, the laptop
I think what they’re getting at here is a machine that’s getting its traffic through a local gateway, either a wireless router or a firewall that’s on a local subnet and will fail DNS. Even if you’re in this circumstance, you could run bind locally and create DNS entries for the local gateway(s).
users on computers that do not have 24x7 DNS
This would be a computer that has an active net connection (sendmail is receiving) but can’t reach either a local DNS server or the ISP’s DNS server. In other words, almost nobody will ever be in this situation.