Ken A wrote:
Don't accept mail for non-existent users. Your MTA should reject it.
Yeah, we should. Not quite there yet.
In spite of that, I thought it may be a good test to do anyway. Even if
the mail is addressed to an existent user, if the MX for the sender
domain is DNSed to the localhost address, there's no way (in my
thinking) that it's a legitimate email, unless a clueless admin has
accidentally DNSed the MX for their domain to be the localhost address.
A mechanism that does what I propose would probably have a pretty short
useful life anyway, I suppose - the arms race would move forward, such
that spammers wouldn't DNS their MXes to the localhost address when such
a test was prevalent in the community.
-- G.
That said, we get these too, though it's usually just an odd one now and
then. They come in from some domain that sendmail on a gateway box can
look up in DNS, so it's accepted. Then there's an NDN generated for some
reason... Perhaps the user or alias was just deleted this very minute,
or more likely, because the mail hub can't look up the domain in DNS
because it's got a different cached result than the gateway (this
happens with newly registered throwaway spam domains). So, the mail hub
bounces it back to the gateway and it tries to send it back to the
domain whose MX is localhost.fabulous.com. We use MailScanner, so
there's a ~3 sec delay between when the gateway accepts the mail and
when it's delivered to the mail hub.
Ken A.
Pacific.Net
Theo Van Dinter wrote:
On Tue, Aug 15, 2006 at 08:41:27AM +1000, Guy Waugh wrote:
Aug 15 05:01:35 mailserver sendmail[13287]: k7EJ1YE7013287:
SYSERR(root): localhost.fabulous.com. config error: mail loops back
to me (MX problem?)
Do people actively combat this somehow?
I guess it depends how it got into your system in the first place.
If it's from some random outside machine sending you mail, why did the
MTA accept it in the first place? Typically MTAs only accept mail for
hosts/domains they consider "local" or for which they're configured
to relay. If "localhost.fabulous.com" isn't one of those two, I'd find
out why your MTA didn't just reject it.
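
The test proposed earlier in the thread (flag a sender domain whose MX points at the localhost address), sketched as an added example that is not part of any message in the thread. The DNS answers are constructed; only the MX host name localhost.fabulous.com appears in the thread, and the function names and verdict strings are assumptions.

```python
import ipaddress

# Constructed DNS answers for illustration. Only the MX host name
# localhost.fabulous.com comes from the thread; every domain is made up.
MX = {  # sender domain -> [(preference, MX host)]
    "spamdomain.example": [(10, "localhost.fabulous.com.")],
    "example.org": [(10, "mx1.example.org."), (20, "mx2.example.org.")],
    "mixed.example": [(10, "mail.mixed.example."), (20, "lo.mixed.example.")],
    "nomx.example": [],
}
ADDRS = {  # MX host -> A/AAAA answers
    "localhost.fabulous.com.": ["127.0.0.1"],
    "mx1.example.org.": ["192.0.2.10"],
    "mx2.example.org.": ["2001:db8::25"],
    "mail.mixed.example.": ["198.51.100.7"],
    "lo.mixed.example.": ["::ffff:127.0.0.1"],
}

def sender_domain(envelope_from):
    """Domain part of an envelope sender; None for the null sender <>."""
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped forms of 127.0.0.0/8."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def classify(domain, mx=MX, addrs=ADDRS):
    """'reject' if every MX is loopback, 'suspect' if some are, else 'ok'."""
    hosts = [host for _pref, host in sorted(mx.get(domain, []))]
    if not hosts:
        return "no-mx"  # left to the caller; not covered by the proposed test
    flags = []
    for host in hosts:
        answers = addrs.get(host, [])
        # An MX host with no address is unusable but is not a loopback MX.
        flags.append(bool(answers) and all(is_loopback(a) for a in answers))
    if all(flags):
        return "reject"
    return "suspect" if any(flags) else "ok"

if __name__ == "__main__":
    for sender in ("<a@spamdomain.example>", "<b@example.org>", "<c@mixed.example>"):
        print(sender, classify(sender_domain(sender)))
```

The null sender `<>` used by bounces yields no domain, so a caller has to skip the check for it rather than treat it as a failure.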