Anti-spam measures

According to Janos Zsako:
> >   	What I think as the best solution is to patch sendmail
> >   	to check from the name service if we really are in the
> >   	mx list for the incoming mail.

We have been doing that for half a year now, and it works fine.

> The idea is good indeed. I am, however, somewhat concerned about
> the following potential dangers:
> 
> 1. The DNS can contain bogus info (including MX records).

Well if the MX record is wrong, you won't get any email anyway.

> 2. You could be a victim of a malicious setup. For example, the primary
> of foo.domain puts an MX to one of your hosts protected in the way you
> suggest. When the secondaries have updated the zone, you get a large
> number of spam destined for foo.domain. Your resources may be abused,
> and you can even suffer a DoS. (At the same time, foo.domain may even
> filter out SMTP connections from you, to make sure *his* resources are
> not wasted...).

So they setup their *own* nameserver to spam their *own* domain using
you as a relay? Not very likely..

No, the real problem is when a MX is moved to another host. Cached MX
records on other nameservers will cause the mail to be sent to the
old MX, which doesn't accept it anymore. This _can _ cause bounced email
if you are not careful (like lowering TTL 1 day before the tranfer, etc)

Mike. 
-- 
 Miquel van Smoorenburg |  The dyslexic, agnostic, insomniac lay in his bed
    miquels at cistron.nl  |  awake all night wondering if there is a doG