I need some help with DSN.
I have been using sendmail since 1995. I have an Ubuntu 12.04 server
which my best information is, uses sendmail 8.14.4. I am having a
problem that mail is coming in from an address with a delivery status
notification request. Sendmail is delivering the email either locally or
following a .forward addresses and delivering successfully. Then sendmail
is generating a successful delivery status notification back to the
apparent sender of the original message and that outgoing message is
failing. I have set (please excuse that I am walking from one computer
to another retyping and may not have it character perfect here):
define('conf_PRIVACY_FLAGS','......,noreceipts')dnl in the sendmail.mc
and have verified that leads to
O PrivacyOptions=.....,noreceipts in sendmail.cf
and I have done sudo reloads, and rebooted the server at least twice, is
should be working with the new sendmail.cf file. I have googled, and
found scant information on DSN, only a recommendation to insert
"noreceipts", and another recommendation to not do that, that that is too
strict and will cause problems.
If I can, I would like to continue to allow DSN in the case of delivery
failures because those alert senders I did not get their mail properly,
but I can live without those to solve this problem.
What I am concerned is happening is one of two things:
Either a DDOS attacker is using a spam route to succeed: He has found a
way to send emails from the target domain to my server, so as to pass
regular checks on forged mail, and my server is delivering the spam
locally -- it is spam, I checked -- and then in repeatedly trying to
provide the requested success notification, my server is participating in
delivering a DDOS attack on the originating domain, using my server's
attempts to resend the notification frequently. My logs are full of
Or... a botnet has indeed compromised something in my network (as CBL
reports) and this has landed my server on a refuse list used by the
sending domains, and that is why the success notifications for spam are
not being delivered... But the spam keeps coming apparently from these
domains, and keeps requesting DSN.
But both of these beg the question, why is sendmail ignoring "noreceipts"
and continuing to try to send these notifications after I edited .mc,
compiled to .cf, and performed reloads and reboots and manually flushing
the mqueue repeatedly?
How exactly do I prevent sendmail from generating success notifications?