[CentOS] sendmail mail relay backscatter issue. Resolved

Simon Billis simon at houxou.com
Wed Feb 10 16:20:06 UTC 2010


Dear Les et al,

Thanks for your assistance with this thorny issue. I have finally resolved
the problem by utilising the following:

1) I have added to the access map of sendmail all the domains that accept
mail for any user, user at domain for those email accounts that exist and hosts
that are internal to my network which will send mail via these boxes e.g. 
internalhost    RELAY
domain1         RELAY
user at domain2    RELAY
user at domain1    RELAY

2) I then appended to the end of this file reject lines to reject mail to
unknown users e.g.

domain2        REJECT

So now my access map looks like this:
internalhost        RELAY
domain1             RELAY
user at domain2        RELAY
user at sub.domain1    RELAY
domain2             REJECT
sub.domain1         REJECT


3) I created a relay-domains file and added to that all the domains that I
was going to relay for e.g.

domain1
domain2
etc.

4) restarted sendmail (which rebuilt access.db and allowed sendmail to read
in the relay-domains file)

My mail scanners now accept mail for relay/scanning from my internal hosts
to any address, from external hosts to mail accounts that exist and to any
account at a domain that has a catch all account setup. All other mail is
rejected with either "Access denied" or Mailbox for this user is disabled". 

All this was achieved using a shell script to find the domains from the
qmail server (pop host) and parse the .qmail-* files for each domain and
account and build the relevant files. As this is a live service which has
the potential to change this script is run via cron on a regular basis to
catch the changes. Currently on the pop host this takes about 10 mins to run
as it is trawling the filesystem for changes (due to legacy accounts being
manually created outside of out provisioning tools negating the opportunity
to use the database that exists.)

Thanks again for your help and comments, they were and continue to be very
useful.

Rgds

Simon.





More information about the CentOS mailing list