6

I would like to disable reverse DNS lookups in Sendmail.

We have an SMTP relay, running Sendmail, with an IP-based access.db. We have no requirement for reverse lookups and, in fact, they may be contributing to delays in response time. This triggers alerts in monitoring ... which make people unhappy.

I've had a search and have been unable to find anything to disable reverse DNS lookups for incoming connections. Obviously I can't just kill all DNS lookups as no mail will then be delivered.

  • OS: CentOS 5
  • sendmail.x86_64 8.13.8-8.1.el5_7
  • sendmail-cf.x86_64 8.13.8-8.1.el5_7

Thanks in advance!

theirpuppet

1 Answer

5

Check in your sendmail.mc whether FEATURE(require_rdns) is enabled. If not, check also whether your sendmail binary is compiled with tcp_wrappers support, and if yes, check the policies (specific for sendmail, or default if absent for sendmail) in /etc/hosts.allow and /etc/hosts.deny.

UPDATE:

There are a couple more files to check. First check /etc/nsswitch.conf (or /etc/mail/service.switch) if it exists. Normal entries for DNS resolving are:

```
hosts: files bind
```

Next check the entries of /etc/resolv.conf. Are the nameservers listed there responding? Maybe the first one is not reachable and this is the cause of the delays.

adamo
  • Firstly, thanks for the reply. I believe that feature is only available in [8.14.0](http://www.sendmail.com/sm/open_source/docs/older_release_notes/). Looks like we either need to upgrade to CentOS 6 to hopefully be able to remove that feature, or perhaps use something else? – theirpuppet Jul 31 '12 at 08:43
  • I updated my answer with a few more places to look. – adamo Jul 31 '12 at 12:51
  • Thanks again. The nameservers and IP Space are all ours, but delays in DNS lookups seem to persist despite all caching nameservers and authoritative nameservers being in apparent good working order. The intention is to disable DNS lookups as they are unnecessary. We don't wish to spend time identifying why a few lookups, from time to time, out of 100K+ per month on this server, are slow. While it's entirely possible we could solve it, we have bigger fish to fry. I can do this with Postfix via: "smtpd_peername_lookup = no". If we can't do it with sendmail, we may just use postfix instead. – theirpuppet Aug 01 '12 at 09:47
  • I'm experiencing this issue as well. Just to confirm, is there a sendmail equivalent to the smtpd_peername_lookup option which will shut off RDNS lookups altogether? – Mike B Mar 03 '13 at 17:17
  • Because sendmail comes linked with tcp_wrappers, add `sendmail: ALL` in your `/etc/hosts.allow`. If you are using the extended version this should be `sendmail: ALL: ALLOW`. This will disable the lookups that smtpd_peername_lookup does. – adamo Mar 03 '13 at 20:53
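
A read-only walk through the checks named in the answer above, as an added example that is not part of the original answer or comments: it reports whether FEATURE(require_rdns) is active, whether the binary links libwrap, which tcp_wrappers rules apply to sendmail, the hosts lookup order, and how long one PTR query takes against each listed nameserver. The function names, the `--audit` flag, the ROOT prefix and the paths `/etc/mail/sendmail.mc` and `/usr/sbin/sendmail` are assumptions of this example, as is the availability of GNU `date` and `dig`.

```bash
#!/bin/bash
# Added example: read-only audit of the files named in the answer above.
# ROOT is a hypothetical path prefix (empty = live system) for auditing a copy of /etc.

mc_require_rdns() {   # is FEATURE(require_rdns) active, i.e. not commented out with dnl or #?
    if grep -Ev '^[[:space:]]*(dnl|#)' "$1" 2>/dev/null | grep -q 'FEATURE(.*require_rdns'
    then echo enabled; else echo absent; fi
}

has_libwrap() {       # is the binary dynamically linked against tcp_wrappers (libwrap)?
    ldd "$1" 2>/dev/null | grep -q libwrap && echo yes || echo no
}

wrapper_rules() {     # hosts.allow/hosts.deny rules whose daemon list names sendmail or ALL
    for f in "$1/etc/hosts.allow" "$1/etc/hosts.deny"; do
        [ -r "$f" ] || continue
        awk -F: -v n="${f##*/}" '!/^[ \t]*#/ &&
            $1 ~ /(^|[ ,\t])(sendmail|ALL)([ ,\t]|$)/ { print n ": " $0 }' "$f"
    done
}

hosts_order() {       # lookup order from the hosts line of nsswitch.conf or service.switch
    awk '$1 ~ /^hosts:?$/ { $1 = ""; sub(/^ /, ""); print; exit }' "$1" 2>/dev/null
}

nameservers() {       # resolver addresses listed in resolv.conf
    awk '$1 == "nameserver" { print $2 }' "$1" 2>/dev/null
}

time_ptr() {          # time_ptr NAMESERVER IP: milliseconds spent on one PTR query
    start=$(date +%s%N)
    dig +time=2 +tries=1 +short -x "$2" @"$1" >/dev/null 2>&1 || true
    end=$(date +%s%N)
    echo $(( (end - start) / 1000000 ))
}

audit() {             # audit ROOT [CLIENT_IP]
    echo "require_rdns:  $(mc_require_rdns "$1/etc/mail/sendmail.mc")"
    echo "libwrap:       $(has_libwrap "$1/usr/sbin/sendmail")"
    echo "hosts order:   $(hosts_order "$1/etc/nsswitch.conf")"
    wrapper_rules "$1"
    for ns in $(nameservers "$1/etc/resolv.conf"); do
        if [ -n "${2:-}" ]; then echo "nameserver $ns: PTR $2 in $(time_ptr "$ns" "$2") ms"
        else echo "nameserver $ns"; fi
    done
}

# Usage: script --audit CLIENT_IP [ROOT]
if [ "${1:-}" = "--audit" ]; then audit "${3:-}" "${2:-}"; fi
```

A nameserver that takes close to the 2000 ms timeout here is the one to look at first, since the resolver tries the entries in `/etc/resolv.conf` in order.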