How to Filter junk by valid accounts

Jim Holland mailscanner at mango.zw
Mon Oct 16 19:17:03 IST 2006 

On Mon, 16 Oct 2006, Michael Baird wrote:

> On Mon, 2006-10-16 at 08:59 -0500, Carr, Daryl B. wrote:
> > Hello,
> > 
> > What is the best way to filter email addresses as "valid" with sendmail.
> > We have recently experienced a large increase in junk email resulting in
> > the mqueue.in becoming very large (>400,000).
> > 
> > I have investigated LDAP, NIS, lists of names, etc.
> > 
> > Please point me in the best direction.
> > 
> > Thank you!
> 
> This must be somesort of mail gateway that forwards to an internal mail
> server? You are looking to do recipient address verification. If this is
> a case, probably your best bet is a milter to call your internal servers
> and verify the recipients. I'm using this milter with success
> http://smfs.sourceforge.net/smf-sav.html, but am not using the RAV
> feature, which is apparently what you are looking for.

I have just implemented this milter on a gateway, specifically for 
recipient address verification, and it works very well, although I have a 
few issues that need to be worked out.

On the gateway you list the domains you want to relay for in the sendmail
access file, and put an entry in the mailertable file - just as normal.  
When a connection is made from an external server for a relay domain it
will look at the appropriate entry in the mailertable file and make an
smtp connection to that server to verify if the address is OK.  If it is
OK then mail is accepted, otherwise it is rejected if a negative response
is received, or tempfails if it can't get a positive response.

It will also work with addresses specified in the virtusertable file.

milter-ahead is a commercial alternative that presumably does all the
above in a much more sophisticated manner.

The only problems I have noticed so far are:

	I currently cannot get it to accept mail to local accounts on the
	gateway - they always tempfail.  Bad in principle, but not
	too serious in my situation as there is virtually no external
	mail to local accounts on the gateway.  There must be a solution!

	If an address is rejected by the server listed in mailertable
	the response is always the same: "550 5.1.1 Sorry, no mailbox
        here by that name".  That is rather misleading if there is
	another reason, such as a full mailbox.  For the moment I have
	changed that message in the source to be more inclusive.

	Although it is failsafe, in that if the socket fails then
	sendmail will just accept all incoming mail, it cannot
	cleanly reload its configuration file without shutting down
	MailScanner/sendmail first and waiting for a while before
	restarting both.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

More information about the MailScanner mailing list