blocking mail for unknown users for certain domains only

skk s.kelly at AYRCOLL.AC.UK
Sat Mar 12 10:00:56 GMT 2005


    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hi Jeremy,

Martin, Jeremy wrote:
> Hi fellow MailScannians,
>  
> My goal:
>  
> To reject mail at the MTA level (sendmail) if it is being sent to an
> unknown recipient (belonging to certain domains only), based on a list
> of known â^À^Øgoodâ^À^Ù email addresses for those certain domains. Sort of
> like using sendmailâ^À^Ùs blacklist_recipients to blacklist entire
> domains, yet having some sort of whitelist_recipients so we can let mail
> for known users override the blacklist.

        Try the following:
        in the /etc/mail dir of your mailscanner gateway make/edit a file
called relay-domains. Add to it all domains you wish to relay for, in
the format:
staff.gsi-kc.com
sales.gsi-kc.com
other.staff.gsi-kc.com

etc, etc
	
        Make up a text file called access.txt that contains the following type
of entries:
staff.gsi-kc.com                          ERROR: "5.1.1 Unknown User"
sales.gsi-kc.com                          ERROR: "5.1.1 Unknown User"
other.staff.gsi-kc.com                    ERROR: "5.1.1 Unknown User"

# internal email exchangers i.e your exchange boxen

CONNECT:exchangebox1.gsi-kc.com                         RELAY
CONNECT:exchangebox2.gsi-kc.com                         RELAY

# email-addresses you want to recieve mail

gaffer at staff.gsi-kc.com                 OK
gaffer at sales.gsi-kc.com                 OK
drone at other.staff.gsi-kc.com            OK

etc, etc,

then do something like makemap hash access < access.txt

This system blocks mail for all unknown users, dictionary spammers etc
for each domain that I have - currently three, with around 16000 mail
accounts total.I do not think it will scale to hundreds of thousands of
accounts, but it works well enough here, and is not that difficult to
keep up to date. (See other posts on the list for automatc ADS
pull-throughs)

If my explanation of all this is not making sense, then check out the
following:  http://www.sendmail.org/m4/anti_spam.html#access_db

or if there are any others on the list who can point out what is wrong
with this method I would be grateful .....

Hope this helps,


Shane Kelly
Network Manager
Ayr College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list