<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Jim Holland wrote:
<blockquote
cite="midPine.LNX.4.44.0610311456110.13630-100000@mail.mango.zw"
type="cite">
<pre wrap="">On Tue, 31 Oct 2006, David Lee wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Tue, 31 Oct 2006 11:47:35 +0000 (GMT)
From: David Lee <a class="moz-txt-link-rfc2396E" href="mailto:t.d.lee@durham.ac.uk"><t.d.lee@durham.ac.uk></a>
Reply-To: MailScanner discussion <a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info"><mailscanner@lists.mailscanner.info></a>
To: MailScanner discussion <a class="moz-txt-link-rfc2396E" href="mailto:mailscanner@lists.mailscanner.info"><mailscanner@lists.mailscanner.info></a>
Subject: Re: MailScanner as mail proxy
On Tue, 31 Oct 2006, Marc Lucke wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I know this is getting off topic. I know enough about sendmail to be
99% sure that this question should be on their list. But any help,
ideas or feedback would be welcome. I'm guessing the MailScanner
community would have come across my problem on more than 1 occasion.
I run MailScanner on a remote machine to my actual mailserver. In other
words all mail is relayed via the Mailscanner box. This is to stop
viruses and spam on the mailserver I have to run which is very limited
in such defenses. It all works great, apart from one annoying problem:
if someone sends to an unknown email account (as oft occurs) the
MailScanner proxy (for want of a better way to describe it as I'm using
it) first accepts the email, attempts delivery, cannot deliver and then
tries to notify the sender who doesn't exist. So I'm lumbered with a
billion postmaster non-delivery emails. I'm keeping up with this quite
well, but I'm scared I'll miss a legitimate message because it's buried
in garbage.
Is there anything I can do to get anything in MailScanner to check with
my destination email server that the actual account exists before
accepting the email in the first place?
</pre>
</blockquote>
<pre wrap="">Even MailScanner would be too late: your overall email system has already
accepted the email. To confirm your last paragraph, for unknown
usernames, you really need to refuse to accept the email in the first
place.
You need to do your "refuse to accept" on your Internet boundary: on the
sendmail listener that runs on your remote (MailScanner) box. A route you
probably want to investigate is the "virtuser" table in that remote
sendmail listener, and having a maintenance procedure that regularly
populates that table with the valid usernames (and other possible valid
addresses) on your user-mailserver.
</pre>
</blockquote>
<pre wrap=""><!---->
That is the method that I used to use on MANGO, with a script to mail the
updated virtusertable to the gateway machine and then have it processed by
another script on arrival. It works, but is a rather messy approach. In
particular, the virtusertable entries redirect mail from one address to
another address, so you have to change the domain names and then have a
mailertable entry for the new domain. However I don't think that sendmail
itself offers any alternative approach to this problem.
As Steve Freegard wrote:
</pre>
<blockquote type="cite">
<pre wrap="">You can do this using a sendmail milter . . .
there is a free alternative (I've never tried it though, so I can't
comment on it's features) at <a class="moz-txt-link-freetext" href="http://smfs.sourceforge.net/smf-sav.html">http://smfs.sourceforge.net/smf-sav.html</a>.
</pre>
</blockquote>
<pre wrap=""><!---->
I highly recommend it in its latest version, smf-sav v1.4.0. Not only can
it be used for recipient verification, it can also do sender verification.
Earlier versions had some significant drawbacks, but I now run this
version on a production server and find it extremely useful for SAV and
RAV. If you want any help offline, please feel free to contact me. The
developer, Eugene Kurmanin, is also extremely helpful and responsive (even
helping me get it running on an ancient RedHat 6.1 box that it was never
intended to be compiled on).
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
</pre>
</blockquote>
I just have to say, Jim - smf-sav kicks ass. I've got it running on 2
Linux servers now & it saves SO much time in postmaster messages
and spam - it's really incredible. It's given me a whole chunk of my
life back.<br>
<br>
Thank you to all on list with suggestions.<br>
<br>
<br>
<br>
Marc
</body>
</html>