MailScanner as mail proxy

Marc Lucke marc at
Thu Nov 2 13:17:00 GMT 2006

Jim Holland wrote:
> On Tue, 31 Oct 2006, David Lee wrote:
>> Date: Tue, 31 Oct 2006 11:47:35 +0000 (GMT)
>> From: David Lee <t.d.lee at>
>> Reply-To: MailScanner discussion <mailscanner at>
>> To: MailScanner discussion <mailscanner at>
>> Subject: Re: MailScanner as mail proxy
>> On Tue, 31 Oct 2006, Marc Lucke wrote:
>>> I know this is getting off topic.  I know enough about sendmail to be
>>> 99% sure that this question should be on their list.  But any help,
>>> ideas or feedback would be welcome.  I'm guessing the MailScanner
>>> community would have come across my problem on more than 1 occasion.
>>> I run MailScanner on a remote machine to my actual mailserver.  In other
>>> words all mail is relayed via the Mailscanner box.  This is to stop
>>> viruses and spam on the mailserver I have to run which is very limited
>>> in such defenses.  It all works great, apart from one annoying problem:
>>> if someone sends to an unknown email account (as oft occurs) the
>>> MailScanner proxy (for want of a better way to describe it as I'm using
>>> it) first accepts the email, attempts delivery, cannot deliver and then
>>> tries to notify the sender who doesn't exist.  So I'm lumbered with a
>>> billion postmaster non-delivery emails.  I'm keeping up with this quite
>>> well, but I'm scared I'll miss a legitimate message because it's buried
>>> in garbage.
>>> Is there anything I can do to get anything in MailScanner to check with
>>> my destination email server that the actual account exists before
>>> accepting the email in the first place?
>> Even MailScanner would be too late: your overall email system has already
>> accepted the email.  To confirm your last paragraph, for unknown
>> usernames, you really need to refuse to accept the email in the first
>> place.
>> You need to do your "refuse to accept" on your Internet boundary: on the
>> sendmail listener that runs on your remote (MailScanner) box.  A route you
>> probably want to investigate is the "virtuser" table in that remote
>> sendmail listener, and having a maintenance procedure that regularly
>> populates that table with the valid usernames (and other possible valid
>> addresses) on your user-mailserver.
> That is the method that I used to use on MANGO, with a script to mail the 
> updated virtusertable to the gateway machine and then have it processed by 
> another script on arrival.  It works, but is a rather messy approach.  In 
> particular, the virtusertable entries redirect mail from one address to 
> another address, so you have to change the domain names and then have a 
> mailertable entry for the new domain.  However I don't think that sendmail 
> itself offers any alternative approach to this problem.
> As Steve Freegard wrote:
>> You can do this using a sendmail milter . . .
>> there is a free alternative (I've never tried it though, so I can't
>> comment on it's features) at
> I highly recommend it in its latest version, smf-sav v1.4.0.  Not only can
> it be used for recipient verification, it can also do sender verification.
> Earlier versions had some significant drawbacks, but I now run this
> version on a production server and find it extremely useful for SAV and
> RAV. If you want any help offline, please feel free to contact me.  The
> developer, Eugene Kurmanin, is also extremely helpful and responsive (even
> helping me get it running on an ancient RedHat 6.1 box that it was never
> intended to be compiled on).
> Regards
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
I just have to say, Jim - smf-sav kicks ass.  I've got it running on 2 
Linux servers now & it saves SO much time in postmaster messages and 
spam - it's really incredible.  It's given me a whole chunk of my life back.

Thank you to all on list with suggestions.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list