[CentOS] sendmail mail relay backscatter issue.

Fri Feb 5 12:31:19 UTC 2010
Kai Schaetzl <maillists at conactive.com>

Simon Billis wrote on Fri, 5 Feb 2010 11:06:36 -0000:

> I am queuing and delivering using mailertable currently

I figured something along this line.

- hence the issue
> with backscatter as some of the domains do not have catch-all accounts.

Not to mention the extra stress on your system for scanning mails that won't 
get delivered, anyway. I very much encourage moving away from catch-alls at 
all. Sometimes it's impossible, but I found that most clients use only a few 
addresses and can go easily without catch-all. This can reduce the number of 
mails you have to process dramatically.

I am
> able to produce a list of valid email accounts and domains without a
> catch-all account so I should be able to create a virtusertable with the
> required entries to either accept all mail for a domain and then forward it
> to a specific account (the catch-all account) or to only accept mail for a
> specific account and then forward it to the same address (is this valid?) by
> again using mailertable(?).

If you go to virtusertable you don't need mailertable at all, it may even be 
counterproductive/not usable I guess (I'm now mostly using postfix, so my ad-
hoc experience with sendmail and mailertable is somewhat dated). But you have 
to explicitly list all target addresses. Something you didn't need to do 
before. That is what I wanted to point out earlier.
You specify the forwarding address and that's it. You can then either specify 
a catch-all (just the domain) with an error code or don't specify any. Unless 
it matches a local alias/user there's then no way to deliver it, so it will 
get rejected.

I think that using access.db and relay-domains
> may also work as needed.

I've never used access.db for relaying/local domains, I always relied on 
relay-domains. I'm not sure, but I think sendmail takes the first match and 
then stops scanning access.db. So you might be able to use something like 
this:
To:user1 at domain OK (or RELAY)
To:user2 at domain OK
domain REJECT

and then keep your current mailertable method (no need for virtusertable) or 
use virtusertable expandable forwarding addresses. It's possible, though, that 
the order gets changed in the compiled map file. Maybe Les knows that better.
If that works it might be the best method as it rejects at the first possible 
processing step.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com