On Fri, 4 Jan 2002, Octavio / Super wrote: > How can I deny all MAIL FROM: <> commands from hosts which are not > MX for a domain?
You should not do this, for multiple reasons. 1. The null envelope sender ("MAIL FROM:<>") is used by MTAs to communicate Delivery Service Notification (DSN) messages, such as "address unknown" bounces, temporary failures, etc. If you block the null envelope sender, all users at your site will silently lose the ability to receive any DSN messages. 2. RFC1123 (section 5.2.9) *requires* all sites to accept the null envelope sender. If you reject the null envelope sender, your site will not be in compliance with Internet mail standards. 3. There are sites (such as www.rfc-ignorant.org) which exist to catalog and blacklist mail servers which do not accept the null envelope sender. Sooner or later, your failure to comply with Internet mail standards will be noticed, and your site will be blacklisted. 4. Chances are, your logic is that by blocking the null envelope sender, you'll reduced the amount of spam your site receives. This is false. The vast, vast majority of spam is sent with a fictitious (but not null) envelope sender address, precisely because spammers realized that some people were blocking the null envelope sender address in an attempt to avoid spam. One should not reject the null envelope sender address, ever. -- James Ralston, Postmaster General Software Engineering Institute Carnegie Mellon University, Pittsburgh, PA, USA