initial alias file

Patterson S.R. S.R.Patterson at SOTON.AC.UK
Thu Jan 16 12:38:53 GMT 2003

> -----Original Message-----
> From: Kevin Anderson [mailto:andersjk at SOL-INVICTUS.ORG] 
> Sent: 16 January 2003 11:35
> Hi all,
> I just got MailScanner working with wonderfull results, it 
> works great!

Doesn't it just.  Did you sign the guest book on to
that effect? :)  Or perhaps buy a mug from the new MailScanner store at ;D

> Just one thing that does bother me tho, the 
> initial mail coming in ignores the aliases file, it accepts 
> all mail destined for our domain.  Is there a way to have it 
> look at the alias file and discard any mail that is not 
> intended for a user in the domain and only scan real mail?

This is a Sendmail point of view, I don't know anything about Exim, but
as I understand it the checks run like this:

- Is the (envelope) mail from domain valid?
- Is the recipient domain one of ours?

At this point sendmail has decided that it will, in principle, handle
the mail.  What would normally happen then is sendmail would choose a
delivery agent to handle the message and, for domains which are in class
w (local domains) the delivery agent would be the local delivery agent.
This has a flag in the mailer definition which tells sendmail that this
mailer is a local mailer performing final delivery and so sendmail then
checks that the user is a valid, local user.  All of this happens
(normally) in the parsing of the envelope before the email is received.

I can only assume that because mailscanner runs sendmail in queue-only
mode it defers the selection of a delivery agent (mailer) until the
message is run from the queue.  I could be wrong about all of that of
course, it's been known :)

I hit a similar problem here, we run a two-tier system.  There are a set
of mailscanner machines which are our mail relays - they accept all in
and out-bound email.  They then scan the message and make a routing
decision for delivery - the message is either passed on to a
departmental mail server, the Microsoft Exchange system or the Unix mail
delivery servers.  It was done in this way because in future we envisage
the redirection of mail to occurr at this point (rather than by use of
forward files and/or to force certain groups of users email to certain
other places) through LDAP lookups on the user directory.  However,
until this is done this would normally mean that these relay servers are
simply "dumb" scanning relays.  I wanted, for technical reasons (and
because I also feel quite strongly that the border servers should be
authoritative over what email it is valid to accept) to check if the
recipient address is a valid local address at the point of mail

I put a bunch of rules into sendmail which perform NIS lookups on the
alias map to resolve names to their base username form and then used
another map to check if the user is local.  IN fact I have:

Kislocal user
Kisalias nis mail.aliases

Then in LOCAL_RULE_0 I have rules which use isalias to check the alias
map and expand out to a username if applicable, and then this gets run
through islocal to find out if the user is local - if they're not then
they get dumped to the error mailer.  This also has the advantage that
people *sending* mail as user at also have to be using a valid
local username.  You have to be a bit careful, though - if NIS is down
all of your aliases stop working and the mails start bouncing - I make
sure I check that NIS is working properly first and if not I just accept
the mail anyway!

If that all sounds exceedingly complex, then I'd just live with the
problem if I were you!

Steven Patterson MSci OCP.  Tel: +44 (0)2380 595810
Primary Information Services Support and Development
Information Systems Services, University of Southampton, UK.
Public PGP Key:

More information about the MailScanner mailing list