NDR strategy

[Andrea Cogliati]

We use MailScanner (with Sendmail) as a mail relay to protect our
Exchange Mail Server from Viruses, Spam and other threats. 

We configured the MS+Sendmail gateway to relay all messages for our SMTP
domains to our Exchange Server. The problem is with NDRs. Every time we
receive a message for a non-existing mailbox, MailScanner still scans it
then Sendmail relays it to Exchange that generates an NDR. Now, as most
of the messages are generated by Worms/Viruses/Spammers using fake
addresses, the NDRs either remain in mail queues until timeouts or the
NDR is received by some unwilling party or, worse, another NDR is
generated and received by our gateway. Anyway, the process is not
efficient as lots of messages are needlessly processed at least twice.
We found two possible workarounds:

1. Disable NDR generation on Exchange server, which solves part of the
issue to the detriment of RFC compliancy;
2. Enable relay at mailbox level instead of domain level on Sendmail
(using access_db).

The second solution seems the best as it solves the whole problem
maintaining full RFC compliancy. Unfortunately, it's completely manual
as every time we modify a mailbox on Exchange we have to modify Sendmail
configuration accordingly.

Anybody solved the issue with a better approach?

TIA,

Andrea