OT: Sendmail gateway using mailertable and access db

Mike Tremaine mgt at stellarcore.net
Wed Nov 22 22:40:42 GMT 2006

> OT: Sendmail gateway using mailertable and access db
> Hi All,
> I have a MailScanner box (CentOS 4) with sendmail-8.13.1-3 acting gateway in front of an Exchange server (Not my decision). Now all mails for all domains handled are scanned and forwarded to the exchange server. Lately the amount of mail for unknown recipients has exploded over the roof and I need to implement  a quick solution. The server is dying and I don't want to be "that guy" that send undeliverable reports for spam/virus.
> I'm using access db for another installation and it works fine there but the MailScanner box is not a gateway. All mails are delivered locally. Now with a sendmail installation in gateway mode this doesn't work. I have a script that pulls all valid email addresses from the exchange server and want to use access db to block all but my valid users. I have looked at milter-ahead  but I could not figure out if this is the right thing for me.
> My config using test.com as domain and xxx.xxx.xxx.xxx as the Exchange server IP address.
> mailertable:
> test.com smtp[xxx.xxx.xxx.xxx]
> access db:
> test.com     RELAY
> xxx.xxx.xxx.xxx     RELAY
> TO:user at test.com    RELAY
> TO:test.com         ERROR:5.1.1:550 User unknown
> I have no "relay" FEATURE in my sendmail.mc.
> Using this config results in all mails sent to user at test.com are rejected with error 550 User unknown.
> I have read the sendmail documentation regarding access db and tried a lot of different settings (Only TO:, Only Connect:, TO: and Connect:)
> Any idea of how to do this?
>         Jens

Having just gone done this route I can verify it works when you also put the 
domain in /etc/mail/relay-domains without that it will reject.

As far as the LDAP, milter-ahead etc... arguments it seems to me that if you AD 
  does not change very often then the Net::LDAP dump to /etc/mail/access with a 
makemap afterwards is the great low resource solution.

I did this on a domain that was getting 170,000+ emails per day [thanks to this 
recent spam spike] it is now dropping 115,000 at the gateway. No extra ldap 
lookups, no fuss.

Good Luck.


More information about the MailScanner mailing list