FEATURE(badmx)—V8.14 and Later

Most Windows PCs that exist on the Internet lack a fixed IP address. Instead, each uses the DHCP protocol to fetch a fresh IP address each time the machine boots. Such a machine is unable to publish an MX record (Set Up MX Records on page 332) because it has no fixed IP address. Unfortunately, many Windows PCs are hijacked without knowledge of the owner and are made to send out spam email. From such a hijacked machine, it is unlikely that a valid MX record will exist.

To avoid getting spam from such machines, you may use the FEATURE(badmx). It is declared like this:


With this feature declared, each time a client machine connects to your server, the hostname found (by reverse lookup of the connecting client) is stripped back to the domain part. For example, if the host www.example.com were to connect to your server, the connecting host’s IP address would be That address is reverse looked up to find the hostname www.example.com. This FEATURE(badmx) strips the host part from the hostname (the www) and performs an MX lookup on the result (the example.com part):

  • If the lookup returns a temporary error (a DNS retry), the following SMTP error is returned to the client and the connection is deferred:

    450 4.1.2 MX lookup failure for domain part looked up is shown here
  • If the lookup returns no MX record, the following SMTP error is returned to the client and the connection is refused:

    550 5.1.2 Illegal MX record for recipient host  domain ...

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.