
I have a bunch of domains as relay domains in my sendmail config. I noticed that some dirty botnet is using DNS spoofing to be able to send emails using those relay domains.

How it works:

A domain zzz.xxx.tld resolves back to 127.0.0.1; when my server tries to resolve zzz.xxx.tld, it falls back to 127.0.0.1. Spoof!

Is there any way to fix/avoid/block this? Would relaying only on specific server IPs be better?

Thanks.

Rod

1 Answer

Do you need to have a hosts entry pointing to 127.0.0.1? Perhaps you could point the hosts to your external IP instead and only allow relaying from localhost.

James L
  • I'm not sure what the implications are of not relaying on 127.0.0.1; some emails are sent by crons and other server internals, and I'm not sure if those would be delivered or deferred. – Rod Aug 23 '10 at 21:58
  • It mainly depends on the SMTP address they're using; if they're using the external IP or a hostname other than localhost, then that change would break them. – James L Aug 23 '10 at 22:11
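
The following is an added example, not part of the original question or answer and not sendmail's own logic: a check that refuses a name-based relay grant when the claimed hostname resolves to loopback while the connection is remote, or when the forward lookup does not confirm the client address. The function names, the host `mail.xxx.tld` and the IP addresses are constructed for illustration; DNS answers are passed in as data so the script runs offline.

```python
import ipaddress

def under_relay_domain(name, relay_domains):
    """True if name equals, or is a subdomain of, one of the relay domains."""
    name = name.rstrip(".").lower()
    domains = (d.rstrip(".").lower() for d in relay_domains)
    return any(name == d or name.endswith("." + d) for d in domains)

def relay_decision(client_ip, claimed_name, forward_addrs, relay_domains):
    """Decide whether a relay grant based on a hostname can be trusted.

    client_ip:     address the SMTP connection really came from
    claimed_name:  hostname associated with that client (e.g. reverse lookup)
    forward_addrs: A/AAAA answers returned for claimed_name
    """
    if not under_relay_domain(claimed_name, relay_domains):
        return "deny: name not in relay domains"
    client = ipaddress.ip_address(client_ip)
    addrs = [ipaddress.ip_address(a) for a in forward_addrs]
    # The case from the question: the name points at 127.0.0.1,
    # but the connection did not come from this machine.
    if not client.is_loopback and any(a.is_loopback or a.is_unspecified for a in addrs):
        return "deny: name resolves to loopback but client is remote"
    # Forward-confirmed check: the name must resolve back to the real client.
    if client not in addrs:
        return "deny: forward lookup does not confirm client address"
    return "relay"

# Constructed sample data (assumption): one relay domain, four connections.
RELAY_DOMAINS = ["xxx.tld"]
SAMPLES = [
    ("203.0.113.77", "zzz.xxx.tld", ["127.0.0.1"]),         # pattern from the question
    ("192.0.2.10", "mail.xxx.tld", ["192.0.2.10"]),         # legitimate remote host
    ("127.0.0.1", "localhost.xxx.tld", ["127.0.0.1"]),      # local cron mail
    ("203.0.113.77", "mail.xxx.tld", ["192.0.2.10"]),       # name does not match client
]

def audit(samples, relay_domains=RELAY_DOMAINS):
    """Return (client_ip, name, decision) for every sample connection."""
    return [(ip, name, relay_decision(ip, name, addrs, relay_domains))
            for ip, name, addrs in samples]

if __name__ == "__main__":
    for ip, name, decision in audit(SAMPLES):
        print(f"{ip:15} {name:20} {decision}")
```

Mail submitted locally by cron jobs still passes because the connection itself comes from loopback, which is the concern raised in the comments.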