How to Reject Mail to all non-local user recipients?
on 22.04.2008 03:01:54 by ljames
Throughout my research it appears that sendmail, by default, will
reject all mail that doesn't have a valid local user. If this is not
the case, can someone advise me how to set this up as a rule? Is there
a pre-canned feature for this?
It's possible I may have inadvertently changed something during the
much tweaking of my mail system. Can someone look at my sendmail.mc
and tell me what I might have added to break this default or what I
should add to fix this default?
sendmail.mc
----------------------------------------------------------------
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl # Mine
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl # Mine
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(`dnsbl',`fresh.dict.rbl.arix.com', `550 Mail rejected: http://nospam.arix.com/blocked.php' )dnl
FEATURE(`dnsbl',`stale.dict.rbl.arix.com ', `550 Mail rejected: http://nospam.arix.com/blocked.php' )dnl
FEATURE(`dnsbl',`bl.spamcop.net ', `550 Mail rejected - see http://www.apollo3.com/sendmail?s=02:$&{client_addr}' )dnl
FEATURE(`dnsbl',`dul.dnsbl.sorbs.net ', `550 Mail rejected - see http://www.apollo3.com/sendmail?s=03:$&{client_addr}' )dnl
FEATURE(`dnsbl',`list.dsbl.org ', `550 Mail rejected - see http://www.apollo3.com/sendmail?s=04:$&{client_addr}' )dnl
FEATURE(`dnsbl',`bhnc.njabl.org ', `550 Mail rejected - see http://www.apollo3.com/sendmail?s=10:$&{client_addr}' )dnl
FEATURE(dnsbl,`combined.njabl.org', `Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
HACK(`require_rdns')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
----------------------------------------------------------------
Thanks in advance for any suggestions or comments.
-- L. James
--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames
Re: How to Reject Mail to all non-local user recipients?
on 22.04.2008 07:59:17 by ljames
On Apr 21, 9:50 pm, Res wrote:
> On Mon, 21 Apr 2008, L. D. James wrote:
> > Throughout my research it appears that sendmail, by default will
> > reject all mail that doesn't have a valid local user. If this is not
> > the case, can someone advise me how to setup this as a rule? Is there
> > a pre-canned feature for this?
>
> This is correct, but if you are relaying for another domain/host it's not
> to know.
The local names, local users, are common in my whole network… on all
the computers. When I said "pre-canned feature", I was hoping for a
feature that would recognize the local users on the current machine,
which would only be concerned with the local users and reject any
emails that are not validated as local.
It's currently accepting and buffering emails to [thousands of
strings]@mydomain.com .
>
> > LOCAL_DOMAIN(`localhost.localdomain')dnl
>
> I'm sure that's not your hostname :)
> I'd also change: DAEMON_OPTIONS(`Port=25, Name=MTA')
>
Thanks. I made the suggested changes. Those two lines are now:
----------------------
LOCAL_DOMAIN(`ares.apollo3.com')dnl
DAEMON_OPTIONS(`Port=25, Name=MTA')
-----------------------
> The rest looks OK to me.
> I'd be checking your relay and access files perhaps... You may need a
> milter to verify if user exists on your other server, but if it can't
> connect to it, the milters will (should) accept the emails anyway as that's
> its intended purpose, so you'll end up with some collateral damage, but
> nowhere near as much as you get now.
>
> As most compliant MTA's try resend for anywhere between 24 hours and a
> week, you may want to ask yourself if it's worth having the secondary MX.
Yes. That's what I had been relying on for years. I recently had a
hard drive go bad and my system was down for a long time while I
rebuilt my server, which included lots of things I had taken for
granted over the years.
I had lots of mail that had started to bounce. At present, I'm trying
to avoid that type of problem that could happen (though it might be
in the far future), by having certain backups and backup features in
place.
I appreciate your (or anybody else's) contribution to what can be done
to have sendmail actually use this type of "default" behavior (reject
mail that doesn't have a local user).
The changes so far didn't make any difference.
-- L. James
--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames
Re: How to Reject Mail to all non-local user recipients?
on 23.04.2008 19:27:53 by ljames
For anyone noticing the topic heading and wondering about a way to
reject mail to all non-local user recipients, via a (basically)
pre-canned sendmail.mc feature, I found a workaround.
I know it's crude, but it works.
Make an entry in the access file to reject all (with a rejection
message) to your domains. Then make an entry that lists the email
addresses of all your users to relay.
access file:
-----------------------------------
# general rejection
To:mydomain.com error:5.1.1:"550 Rejection message"
#List of all local users (email addresses)
To:myid@mydomain.com RELAY
-----------------------------------
I know there are suggestions about installing LDAP, milter, and a host
of other commercial programs to do the same or similar. I will at
some time study how to install and configure other programs. However,
at present, I'm glad to see at least there is this immediate built in
feature of sendmail.
If someone knows of other ways of using sendmail built-in features for
validating local users, I would appreciate the input.
-- L. James
--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames
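
An added example, not part of the original posts: a shell function that builds the access-file entries described in the last post from passwd and aliases files, so the per-user list does not have to be maintained by hand. The UID threshold, the shell filter, the `RELAY` right-hand side, the rejection text and the sample accounts are assumptions or constructed values.

```shell
#!/bin/sh
# Added example: generate the access entries for the workaround in the thread.
# Assumptions: UID >= 500 is a human account (Red Hat convention of the time),
# nologin/false shells receive no mail, RELAY is the allow action.
DOMAIN="mydomain.com"   # placeholder domain from the thread
MIN_UID=500

# gen_access PASSWD ALIASES -> access-map lines on stdout
gen_access() {
    # Domain-wide rejection first, in the form the post uses.
    printf 'To:%s\tERROR:5.1.1:"550 User unknown"\n' "$DOMAIN"
    {
        # passwd: name:pw:uid:gid:gecos:home:shell
        awk -F: -v min="$MIN_UID" '
            /^#/ || NF < 7          { next }
            $3 + 0 < min            { next }
            $7 ~ /(nologin|false)$/ { next }
            { print $1 }' "$1"
        # aliases: "name: target"; skip comments, blanks, continuation lines
        awk -F: '
            /^[ \t]*(#|$)/ || /^[ \t]/ { next }
            NF >= 2 { print $1 }' "$2"
    } | tr 'A-Z' 'a-z' | sort -u | while read -r name; do
        # Emit only plain local parts; anything else needs a manual look.
        case "$name" in
            ''|*[!a-z0-9._-]*) continue ;;
        esac
        printf 'To:%s@%s\tRELAY\n' "$name" "$DOMAIN"
    done
}

# Constructed sample input (not real accounts), written to a scratch directory.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
myid:x:500:500:Sample User:/home/myid:/bin/bash
backup:x:501:501::/home/backup:/sbin/nologin
Alice:x:502:502::/home/alice:/bin/bash
EOF
    cat > "$1/aliases" <<'EOF'
# constructed aliases
postmaster: root
webmaster:  myid,
    alice
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp" && gen_access "$tmp/passwd" "$tmp/aliases"
rm -rf "$tmp"
```

Append the output to the access file and rebuild the map with `makemap hash /etc/mail/access < /etc/mail/access`.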