blocking mail for unknown users for certain domains only

Fri Mar 11 14:06:10 GMT 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

> Hi fellow MailScannians,
>
>
>
> My goal:
>
>
>
> To reject mail at the MTA level (sendmail) if it is being sent to an
> unknown recipient (belonging to certain domains only), based on a list
> of known 'good' email addresses for those certain domains. Sort of like
> using sendmail's blacklist_recipients to blacklist entire domains, yet
> having some sort of whitelist_recipients so we can let mail for known
> users override the blacklist.
>

In sendmail, virtusertable can be your friend:
But remember to put in the required adresses postmaster and abuse in each
domain.

example:
abuse at example.com             abuseaccount+submailbox
hostmaster at example.com       hostmasteraccount+submailbox
postmaster at example.com       postmasteraccount+submailbox
@example.com                      error:nouser 550 User unknown

catchall example:
@example2.com       example2account+%1%3

You will find documentation on sendmail.org and in your distribution.

Have not tried the following myself yet but I guess you can have a file
for each domain that is editable from web, do syntaxcheck and cat them
into makemap in a cron-job if any of them are more recent than the db.
Tell us how you solve this and how it works!

--
Hilsen Lars

>
>
> Background / details:
>
>
>
> We are using sendmail / MailScanner / MailWatch as a dedicated
> anti-virus/spam gateway mail server. I have made a little "prefs.php"
> addon for MailWatch, originally to let our users set up their own
> whitelists and blacklists on a per-user / per-domain / global basis. I
> also set up a daily quarantine email report and users can specify if
> they do or don't want to receive their daily quarantine report through
> our addon to MailWatch. My prefs.php is storing their preferences in a
> MySQL database, and I have some perl scripts that grab the data from the
> database and output it into text files MailScanner can read.
>
>
>
> After letting that run for a few days, we can quickly build up a list of
> valid email accounts for a domain based on who is receiving mail, and
> it's easy to see most of the typo'd and invalid email addresses spammers
> are sending mail to since they receive such little mail (and 100% spam)
> compared to the legitimate addresses. I set up a daily "domain admin"
> quarantine email report that shows a summary of all email for a certain
> domain in the past 24 hours, and made an easy one-click way people can
> set up a new account with a random password if they want to add a bunch
> of MailWatch accounts for valid users quickly.
>
>
>
> So I would like to give people an option on a per-domain basis of
> whether or not to make Sendmail reject mail destined for their domain
> unless its being sent to a known account. We do not want to apply this
> to every domain since this will require the 'domain admins' to set up
> any new email accounts they add in my prefs.php for MailWatch before the
> server will accept mail for that new account, which some might see as an
> inconvenience.
>
>
>
> Similar to how I am dumping the settings from the database into text
> files for MailScanner to read, I figure with the right Sendmail settings
> I could add any domains that want this feature to the
> blacklist_recipients file to reject all mail for their domain
> completely, and dump all of the known user accounts into the
> "whitelist_recipients" file if there is such a thing that can override
> blacklist_recipients.
>
>
>
> I have read in the M/FAQ about the Exchange LDAP lookahead stuff but
> that is overkill I think.
>
>
>
> Thanks for reading this and extra thanks to anyone who can point me in
> the right direction. :-)
>
>
>
> Best wishes
>
> Jeremy
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!