need help blocking emails to non-existent users
Julian Field
MailScanner at ecs.soton.ac.uk
Wed Dec 19 22:33:46 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
From the archives....
If you are using Exchange 2003 (or 2007 and have installed the relevant
edge role on your 2007 mailbox server and have enabled the valid
recipient checking, which is all documented in technet), then I would
advise using milter-ahead instead of querying the list of valid
addresses directly, as it's far more reliable.
On Exchange 2003, there is a simple tick-box somewhere (Steve at FSL
might be able to help you there) which enables SMTP-time rejection of
invalid recipients.
On Exchange 2007, you need to install the anti-spam agents on your hub
transport server
http://exchangepedia.com/blog/2006/09/how-to-install-anti-spam-agents-on-hub.html
and then enable the invalid-recipient checks by doing
Set-RecipientFilterConfig -RecipientValidationEnabled:$true
in the Exchange Management Shell.
Then use milter-ahead if you are using sendmail or Postfix, available from
http://www.milter.info/sendmail/milter-ahead/
It will cost you € 90 euros for a site licence for it, but it's well
worth the small investment.
This is a far more robust solution than trying to reliably read, parse
and process all the Active Directory entries, which may be out of date
on newly-created accounts, and require far more long-term maintenance
than my solution above, which you can just setup and leave alone.
Can someone add this to the wiki please?
Thanks!
Hope that helps get you going,
Jules.
Joey Marino wrote:
> I am currently running a mailscanner box on centos using sendmail that
> relays to my exchange server. I am trying to block email to
> non-existent users at the smtp level on the MX. I understand I have to
> somehow update sendmail with existent users in the active directory
> possibly using ldap. I can't seem to find any good documentation on
> how to do this. Many entries in the archive point to
> http://www.mailscanner.info/serve/cache/270.html but this doesn't
> exist anymore. I also found a sketchy bash script at
> http://the-jer.spaces.live.com/blog/cns!E4FBBD09FA146AF!128.entry
> <http://the-jer.spaces.live.com/blog/cns%21E4FBBD09FA146AF%21128.entry>
> but I don't like this approach either. I want to do all the work on
> the gateway. Can somebody point me to some good documentation or a
> healthy script that I could use to accomplish this?
>
> --
> Joey Marino
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 867)
Comment: Use Thunderbird's Enigmail add-on to verify this message
Charset: windows-1252
wj8DBQFHaZxMEfZZRxQVtlQRAqg9AJwJRVXilR9BXD9rjOgNa490ZP3gcgCg9T0E
4oe8x/ecQrenasYP6/mPtq0=
=rnRh
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list