Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

howto /dev/null NDR's to not existing mailbox

22 views
Skip to first unread message

Marc

unread,
Oct 16, 2006, 6:16:27 AM10/16/06
to

A lot of our domains are being used as return adres. Spam which is send out
with a fabricated email adress asdf...@ourdomain.tld bounces back to our
servers.

We would like to drop these NDR reports to non existing users to /dev/null
or something like it, while legitimate users are still able to receive them.

I am looking for some help in coding this in the marco language.

Regards,
Marc


jma...@ttec.com

unread,
Oct 16, 2006, 11:54:03 AM10/16/06
to

Are you are leaving something out? Why is this a problem when the NDR's
are for the non-existing users? Your server simply rejects them and the
sending system now has to deal with the potential double bounce. While
that is somebody's problem, it is not yours.

I would expect this to be much more of a problem when the NDR's goes to
existing users.

You have to make the users exist before you can do much with the
incoming email addressed to them.

The simple way is to use an alias that mail to /dev/null

Then you use the virtusertable to have all incoming email go there
except for defined legitimate users.

Something like this.

aliases

nobody: /dev/null

virtusertable

@mydomain.com nobody
some...@mydomain.com somebody

Even though unpatched libmilter/sendmail milters do get to see the
possible invalid recipients, it wont let you add add a recipient until
EOM which if the message has no valid users, you wont get that far.

Andrzej Adam Filip

unread,
Oct 16, 2006, 12:22:18 PM10/16/06
to
"Marc" <ma...@wegermee.com> writes:

In default configuration sendmail rejects messages to non existing local
users in responce to "RCPT TO:" *BEFORE* message headers&body
trasmission.

Is you sendmail a secondary MX *OR* email gateway between internet and
internal mail system?

--
[pl2en: Andrew] Andrzej Adam Filip : an...@priv.onet.pl : an...@xl.wp.pl

Marc

unread,
Oct 17, 2006, 1:38:02 PM10/17/06
to
I using it as a gateway filtering spam/virus. I have set the mx record to
this server and then forward the messages with the mailertable

"Andrzej Adam Filip" <an...@onet.eu> wrote in message
news:878xjgn...@anfi.homeunix.net...

Andrzej Adam Filip

unread,
Oct 17, 2006, 2:52:37 PM10/17/06
to
"Marc" <ma...@wegermee.com> writes:
> [...]

> I using it as a gateway filtering spam/virus. I have set the mx record to
> this server and then forward the messages with the mailertable

Can you get list of all valid email addresses on the internal system?

There are *MANY* ways to make sendmail gateway accept only valid
addresses in the relayed domains .

Look for posts in the group with _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
[ it is one of the most frequently recomended ways ]

jma...@ttec.com

unread,
Oct 17, 2006, 3:02:19 PM10/17/06
to
Marc wrote:
> I using it as a gateway filtering spam/virus. I have set the mx record to
> this server and then forward the messages with the mailertable


So your real question is this:

"How do I let my mx gateway server recognize which recipients are valid
on the final destionation/next hop server and which are not?"

Which has hit the newsgroup so frequently it really needs to be a faq
entry.

The short answers are:

*

Use ldap routing

see cf/README

+--------------+
| LDAP ROUTING |
+--------------+

http://www.sendmail.org/m4/ldap_routing.html

*

Use virtusertable with undocumented feature and an entry for each
valid user and a catchall entry that @domain.com error:nouser

_VIRTUSER_STOP_ONE_LEVEL_RECURSION_

*

Use virtusertable with a RHS of "!" for each valid user and a
catchall entry that @domain.com error:nouser

*

Use access db with undocumented feature

define(`_RELAY_FULL_ADDR_', `1')

*

use a milter of which there are several.

milter-ahead
j-chkmail
mimedefang
dnsbl
callahead-milter

Szaba

unread,
Nov 21, 2006, 9:55:34 PM11/21/06
to
I guess I will discover when i get into it further but I wonder do I
need to do each of the options Marc outlined below or are they separate
options any one of which would do the trick?

jma...@ttec.com

unread,
Nov 21, 2006, 10:28:00 PM11/21/06
to

Szaba wrote:
> I guess I will discover when i get into it further but I wonder do I
> need to do each of the options Marc outlined below or are they separate
> options any one of which would do the trick?

Use the one that fits your needs best.

jma...@ttec.com

unread,
Nov 21, 2006, 10:28:31 PM11/21/06
to

Szaba wrote:
> I guess I will discover when i get into it further but I wonder do I
> need to do each of the options Marc outlined below or are they separate
> options any one of which would do the trick?

Use the one that fits your needs best.

0 new messages