OT: Sendmail REJECT or DISCARD preference

Matt Kettler mkettler at evi-inc.com
Mon Mar 31 19:59:47 IST 2008


Peter Farrow wrote:
> Matt Kettler wrote:
>> Peter Farrow wrote:
>>> Matt Kettler wrote:
>>>> Peter Farrow wrote:
>>>>> Matt Kettler wrote:
>>>>>> Peter Farrow wrote:
>>>>>>
>>>>>>>> Steve.
>>>>>>> If you reject, and it's spoofed you'll get it back anyway, so you 
>>>>>>> end up receiving and then storing it in the postmaster address, 
>>>>>>> it is always best to discard in this scenario...or even worse 
>>>>>>> bouncing it again
>>>>>>>
>>>>>>
>>>>>> Stop confusing REJECT with post delivery bouncing :) See my other 
>>>>>> post in this thread.
>>>>> I am talking about sendmail access file entries at the MTA 
>>>>> level.... nothing else...my point is the general notice supplied in 
>>>>> the REJECT directive often ends up coming back round...I've seen it 
>>>>> many times..
>>>>
>>>> That's exactly what I'm talking about. I've got several such 
>>>> entries, and I've never seen any of them come back. ever.
>>>>
>>>> There's something seriously wrong with your mailserver if this is 
>>>> happening.
>>> This is how it works:
>>>
>>> Someone sends a spoofed spam email to one of my clients the other 
>>> side of my mailscanner, but they get the address wrong.
>>>
>>> The mailer daemon on the client server rejects the email, (I am the 
>>> postmaster for my client's Linux server) with user unknown,
>>
>>
>> Well, duh. That's because the REJECT isn't being implemented at the 
>> MX, but a downstream server.
>>
>> In order to avoid the postmaster issue you *MUST* implement this at 
>> all of the MXes for the domain.
>>
>> Of course it will cause the problem if a downstream server does a 
>> REJECT, because it's being REJECTED after your server accepted it.
>>
>> However, this doesn't make REJECT bad, it just means the REJECT needs 
>> to be implemented on YOUR server, not your clients.
>>
> So *duh* no config error then.....

Well, erm.. yes.. it is a configuration error, or at the very least a poor 
configuration. The front-end MX for a domain should be able to verify if a 
message will be acceptable to the network.

That means you shouldn't have REJECT clauses down at servers being forwarded to, 
they need to be at the front end MX.

If you had mentioned you were trying to implement REJECTs on servers being 
forwarded to, this conversation would have been very short.

However, to try to claim that REJECT always generates backscatter and floods 
your postmaster box is a blatant misrepresentation of facts. You clearly 
understand email servers well enough to know that is not true as an unqualified 
statement.

Also, you were at the very least telling a half-truth when I questioned if you'd 
failed to implement the reject on all your MXes..

-------
> Clearly there's something wrong with your MTA if REJECT is causing stuff to
> end up in your postmaster box.
>
> Unless of course you've got a secondary MX which lacks the same REJECT
> clause... However, that's just a mistake on the part of configuring your
> secondaries.
>
Not at all...
-------

Clearly you didn't implement it on any of the MXes for the domain, so that 
exchange was misleading.
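
The two setups argued over in this thread, as an added example that is not part of the original post: a small Python model of a front-end MX that either checks the recipient inside the SMTP session or accepts first and only learns of the downstream rejection afterwards. All addresses, names and the `sender_exists` switch are constructed for illustration.

```python
from dataclasses import dataclass, field

VALID_USERS = {"alice@client.example"}        # constructed downstream user list
SPOOFED_SENDER = "victim@thirdparty.example"  # constructed forged envelope sender

@dataclass
class Outcome:
    smtp_reply: str                                      # reply seen by the connecting client
    dsn_sent_to: list = field(default_factory=list)      # bounces this MX generated
    postmaster_box: list = field(default_factory=list)   # double bounces kept locally

def downstream_rcpt(rcpt):
    """The forwarded-to server: accepts its own users, rejects everyone else."""
    return "250 OK" if rcpt in VALID_USERS else "550 5.1.1 User unknown"

def front_end_mx(mail_from, rcpt, validates_recipients, sender_exists=False):
    """Model one delivery attempt arriving at the front-end MX."""
    if validates_recipients:
        # Rejection at the MX: the refusal is given during the SMTP session,
        # nothing is queued, and the connecting client owns the failure.
        # (The lookup stands in for an access map or recipient list on the MX.)
        return Outcome(smtp_reply=downstream_rcpt(rcpt))

    # The MX accepts blindly and relays; the rejection arrives too late.
    out = Outcome(smtp_reply="250 OK")
    if downstream_rcpt(rcpt).startswith("5"):
        # Having accepted the message, the MX must bounce it to the envelope
        # sender, which is forged here: this is the backscatter.
        out.dsn_sent_to.append(mail_from)
        if not sender_exists:
            # An undeliverable bounce becomes a double bounce for postmaster.
            out.postmaster_box.append(f"double bounce: {rcpt}")
    return out

def compare(rcpt="bob@client.example"):
    """Return (reject_at_mx, reject_downstream) outcomes for one bad recipient."""
    at_mx = front_end_mx(SPOOFED_SENDER, rcpt, validates_recipients=True)
    downstream = front_end_mx(SPOOFED_SENDER, rcpt, validates_recipients=False)
    return at_mx, downstream

if __name__ == "__main__":
    for label, o in zip(("reject at MX", "reject downstream"), compare()):
        print(f"{label:18} reply={o.smtp_reply!r} dsn={o.dsn_sent_to} pm={o.postmaster_box}")
```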



