Alex Palenschat wrote:
So my question is: if my system has granted RELAY permission to a system which is in a dnsbl used by the sendmail configuration, does the sendmail RELAY, or does it deny the connection attempt?
Thanks for wading through this completely hypothetical situation.
I think you would be served by doing some googling on backscatter. Any time you have a "backup mx" server that does not do recipient validation for the domains it serves not only is it going to receive a lot of spam, it is going to be producing a lot. This is exactly the type of thing that lands IP addresses in blacklists in my experience.
Backscatter is a fact of life. 99% of the emails in my queues are undeliverable backscatter. 99% of my inbound email is backscatter (since my domain gets used for forging email headers on spam). I'm retiring older systems which just can't deal with the backscatter. It just isn't economically viable to try to fight it any more; life is too short.
That being said you should be able to whitelist the IP of the blacklisted host before you do the rbl-checking. I know how to do this with postfix but not sendmail. I am not a sendmail user, but there are some sendmail users on the list who may be willing to help there.
This brings me to the ultimate point of my response: if you grant the firewall in question ACCESS permission, it does over-ride the dnsbl.
I would fix your local problem (if you can).
Unfortunately there are two other companies in between me and the users (not that I can really identify them with the junk I have to use here) so short of finding another job I'm stuck with the problem.
-- /\oo/\ / /()\ \ David Mackintosh | dave@xdroop.com