[CentOS] sendmail mail relay backscatter issue.

Fri Feb 5 14:22:07 UTC 2010
Simon Billis <simon at houxou.com>

Les Mikesell sent a missive on 2010-02-05:

> Simon Billis wrote:
>> 
>>> The point would be to be able to include a default reject rule for each
>>> domain, which means that you have to supply valid forwards for all
>>> addresses you don't want to reject at the relay.  (You could default
>>> to forwarding, but that doesn't help with the backscatter issue). But
>>> that doesn't change the ability to queue/deliver except that the relay
>>> has to accept the domains as local to do the virtuser lookup so the
>>> new target has to have a different name for the delivery host.   I'm
>>> not sure how that relates to your distinction between forwarding and
>>> queuing. Sendmail has local and remote addresses, but remote ones all
>>> go through the same steps.
>> 
>> I am queuing and delivering using mailertable currently - hence the
>> issue with backscatter as some of the domains do not have catch-all
>> accounts. I am able to produce a list of valid email accounts and
>> domains without a catch-all account so I should be able to create a
>> virtusertable with the required entries to either accept all mail
>> for a domain and then forward it to a specific account (the
>> catch-all account) or to only accept mail for a specific account and
>> then forward it to the same address (is this valid?) by again using
>> mailertable(?). I think that using access.db and relay-domains may
>> also work as needed.
> 
> Sendmail will only look in virtusertable if it considers the address
> local (i.e. you've added the target domain to local-host-names).  That
> means you'll have to use some other name for the delivery target in the
> virtusertable expansion side to get it to forward on.  Probably
> whatever you are using in mailertable will work.  You might be able to
> use user@[host.domain] notation or user@[IP_address] there to avoid
> another MX lookup that would come back to the relay - I'm not sure
> about that.  You'll probably have to do some testing with this part
> since it is a fairly drastic change to make the targets local - but
> you can do it one domain at a time.
>

I don't think that this is going to work for me then... I'm not able to
change the envelope address for the onward delivery. The final mail server
will reject the mail if it is not the original email address that I'm
accepting the mail for on the mail scanners. Also I understand from the
documentation that mailertable is not used for class {w}, i.e. local host
names so I think that I'm stuck with the following choices...

1) getting access.db and relay-domains working correctly with:
   (a) the _RELAY_FULL_ADDR_ feature
   (b) without the above feature (which works but without the ability to
       send mail from our networks from email addresses in the access.db
       map but I think that this is because I need to add specific hosts
       to the access map.)

2) utilising a milter.

Is this a fair conclusion in your opinion?

Thanks

Simon.
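
An added example, not part of the original thread: one way to turn the list of valid accounts mentioned above into access-map source lines for option 1(a), so unknown recipients are refused at the relay instead of bouncing later. It assumes the relay uses the access map with `To:`-tagged keys and that, with `_RELAY_FULL_ADDR_`, a full-address entry is matched before the domain entry; the function name, rejection text and sample addresses are constructed for illustration.

```python
import re

# Conservative address shape: exactly one "@", no whitespace, and no
# characters that would break a whitespace-separated access-map line.
_ADDR = re.compile(r"^[a-z0-9._%+-]+@([a-z0-9-]+\.)+[a-z0-9-]+$")

# Constructed rejection value in the access map's ERROR:D.S.N:text form.
REJECT = "ERROR:5.1.1:550 User unknown"


def build_access_map(valid_recipients, catch_all_domains):
    """Return access-map lines: RELAY known recipients, reject the rest.

    Domains with a catch-all account get one domain-wide RELAY entry.
    Every other domain gets a RELAY entry per valid address followed by a
    domain-wide reject, so nothing is queued that the final server would
    bounce.
    """
    catch_all = {d.strip().lower() for d in catch_all_domains}
    by_domain = {}
    for raw in valid_recipients:
        addr = raw.strip().lower()
        if not _ADDR.match(addr):
            # Fail closed: a malformed line must not end up in the map.
            raise ValueError(f"refusing malformed address: {raw!r}")
        domain = addr.split("@", 1)[1]
        if domain not in catch_all:  # redundant under a catch-all
            by_domain.setdefault(domain, set()).add(addr)

    lines = [f"To:{domain}\tRELAY" for domain in sorted(catch_all)]
    for domain in sorted(by_domain):
        lines += [f"To:{addr}\tRELAY" for addr in sorted(by_domain[domain])]
        lines.append(f"To:{domain}\t{REJECT}")
    return lines


# Constructed sample input: example.net has a catch-all, example.org does not.
SAMPLE_RECIPIENTS = ["alice@example.org", "Bob@Example.org ",
                     "alice@example.org", "info@example.net"]
SAMPLE_CATCH_ALL = ["example.net"]

if __name__ == "__main__":
    print("\n".join(build_access_map(SAMPLE_RECIPIENTS, SAMPLE_CATCH_ALL)))
```

The output is source text for `makemap hash`; test it one domain at a time before relying on it, since the lookup order is the assumption stated above.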