MailScanner & CentOS5/Sendmail

David Lee t.d.lee at durham.ac.uk
Fri May 16 10:31:22 IST 2008


On Fri, 16 May 2008, Bernard Lheureux wrote:

> On Fri, 2008-05-16 at 08:41 +0100, Julian Field wrote:
>
> > > After sending a few test emails, I noticed that MailScanner/sendmail doesn't
> > > reject unknown users at the SMTP stage but rather it accepts the email for
> > > delivery and then a DSN is generated afterwards.
> > >
> > > How do you get sendmail to reject at the SMTP stage like postfix does with
> > > "relay_recipients.db"?
> > >
> > You need FEATURE(blacklist_recipients) I think. It is certainly *very*
> > possible and quite simple to do in sendmail. I always thought it did it
> > by default :-)
> You can do it from /etc/mail/access
> [...]

Another method available is sendmail's 'virtusertable' which gives:
   user at foo.com -> id-A at machine-Z
   user at bar.com -> id-B at machine-Y
   a.n.other at baz.org -> id-C at machineX

And (the bit you probably want to know) if the recipient is not in the
left-hand-side of the table then the email is rejected at SMTP stage.
(There are many other details, but this MailScanner-list discussion is
already approaching "off-topic"!)

This 'virtusertable' facility can be useful at large sites with multiple
domains. Our two main domains each have around 25,000 entries.

So we use:
 o  'virtusertable': accept email for known users, reject unknown users
    (with frequent, automated updates from Personnel (HR) databases);
 o  'access': occasional blocking of external things that are bothering
    us (updates relatively infrequent; done by Postmaster).


-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:  UNIX Team Leader                         Durham University     :
:                                           South Road            :
:  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :


More information about the MailScanner mailing list