Alex Palenschat wrote:
So my question is: if my system has granted RELAY permission to a system which is in a dnsbl used by the sendmail configuration, does the sendmail RELAY, or does it deny the connection attempt?
Thanks for wading through this completely hypothetical situation.
I think you would be served by doing some googling on backscatter. Any time you have a "backup mx" server that does not do recipient validation for the domains it serves not only is it going to receive a lot of spam, it is going to be producing a lot. This is exactly the type of thing that lands IP addresses in blacklists in my experience. That being said you should be able to whitelist the IP of the blacklisted host before you do the rbl-checking. I know how to do this with postfix but not sendmail. I am not a sendmail user, but there are some sendmail users on the list who may be willing to help there.
My guess is that if you post to the mailing list of the MTA in question you may raise their ire a bit as you seem to be trying to solve a problem further downstream than you should be (idiots on your network).
I would fix your local problem (if you can).
alex
I'm using milter-ahead and Spamhaus on my backup mailserver. Milter-ahead looks to the primary mailserver to see if the user exist before excepting mail for the domain.. unless the primary mailserver is unreachable, at which point it accepts anything. (rare ocassions). Milter-ahead makes use of the mailtable and relay domains to know if it should be dealing with email for our domains.
So many spammers are finding the backup mailservers and sending directly to those, I found this absolutely a must do as backscatter was getting terrible.
Best, John Hinton