MailScanner & CentOS5/Sendmail
David Lee
t.d.lee at durham.ac.uk
Fri May 16 10:31:22 IST 2008
On Fri, 16 May 2008, Bernard Lheureux wrote:
> On Fri, 2008-05-16 at 08:41 +0100, Julian Field wrote:
>
> > > After sending a few test emails, I noticed that MailScanner/sendmail doesn't
> > > reject unknown users at the SMTP stage but rather it accepts the email for
> > > delivery and then a DSN is generated afterwards.
> > >
> > > How do you get sendmail to reject at the SMTP stage like postfix does with
> > > "relay_recipients.db"?
> > >
> > You need FEATURE(blacklist_recipients) I think. It is certainly *very*
> > possible and quite simple to do in sendmail. I always thought it did it
> > by default :-)
> You can do it from /etc/mail/access
> [...]
Another method available is sendmail's 'virtusertable' which gives:
user at foo.com -> id-A at machine-Z
user at bar.com -> id-B at machine-Y
a.n.other at baz.org -> id-C at machineX
And (the bit you probably want to know) if the recipient is not in the
left-hand-side of the table then the email is rejected at SMTP stage.
(There are many other details, but this MailScanner-list discussion is
already approaching "off-topic"!)
This 'virtusertable' facility can be useful at large sites with multiple
domains. Our two main domains each have around 25,000 entries.
So we use:
o 'virtusertable': accept email for known users, reject unknown users
(with frequent, automated updates from Personnel (HR) databases);
o 'access': occasional blocking of external things that are bothering
us (updates relatively infrequent; done by Postmaster).
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: UNIX Team Leader Durham University :
: South Road :
: http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
More information about the MailScanner
mailing list