Hi all,

I have a server acting as a gateway between the internet and the local
lan which relays mail for about 20 domains to a server on the local lan
which acts as the final destination for these domains.

I am getting tons of spam coming in for users who don't exist,. The
problem is that the lan server tells the gateway machine that the users
doesn't exist and the mail is then deferred on the gateway pc resulting
in a massive queue as well as bandwidth problems as the gateway pc
tries to reply to the bogus senders.

Is there a way to simply delete mail for users who don't exist instead
of deferring it and letting it sit in the queue?


Thanks in advance
Dominic.

On Mon, 22 Jan 2007 23:27:58 -0800 dombid wrote:

> Hi all,
>
> I have a server acting as a gateway between the internet and the local
> lan which relays mail for about 20 domains to a server on the local lan
> which acts as the final destination for these domains.
>
> I am getting tons of spam coming in for users who don't exist,. The
> problem is that the lan server tells the gateway machine that the users
> doesn't exist and the mail is then deferred on the gateway pc resulting
> in a massive queue as well as bandwidth problems as the gateway pc
> tries to reply to the bogus senders.

outsch

> Is there a way to simply delete mail for users who don't exist instead
> of deferring it and letting it sit in the queue?

There is only 1 single correct way to solve this situation:

Let the gateway Sendmail know about each and any valid user address on the
inside and let it _reject_ everything else. So create a virtusertable with
all existing mail addresses and use catch-all entries to reject non
existing with a correct DSN.
Do NOT ever first-hand accept a mail on the gateway MTA if it can't decide
if the address is existing behind it.

> Thanks in advance
> Dominic.

Alexander


--
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 09:58:01 up 1 day, 11:00, load average: 0.24, 0.28, 0.15

Alexander Dalloz <adalloz@arcor.de> writes:

> On Mon, 22 Jan 2007 23:27:58 -0800 dombid wrote:
>
>> Hi all,
>>
>> I have a server acting as a gateway between the internet and the local
>> lan which relays mail for about 20 domains to a server on the local lan
>> which acts as the final destination for these domains.
>>
>> I am getting tons of spam coming in for users who don't exist,. The
>> problem is that the lan server tells the gateway machine that the users
>> doesn't exist and the mail is then deferred on the gateway pc resulting
>> in a massive queue as well as bandwidth problems as the gateway pc
>> tries to reply to the bogus senders.
>
> outsch
>
>> Is there a way to simply delete mail for users who don't exist instead
>> of deferring it and letting it sit in the queue?
>
> There is only 1 single correct way to solve this situation:
>
> Let the gateway Sendmail know about each and any valid user address on the
> inside and let it _reject_ everything else. So create a virtusertable with
> all existing mail addresses and use catch-all entries to reject non
> existing with a correct DSN.
> Do NOT ever first-hand accept a mail on the gateway MTA if it can't decide
> if the address is existing behind it.

Alexander wrote about one way: making sendmail keep list of valid email
addresses in internal domains.
It has a few sub-variants
+ virtusertable with _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ *OR* RHS=!
+ access table entries
+ ldap_routing (can use hash maps instead of LDAP lookups)

Another methods ask internal servers:
+ special milters to verify envelope recipient by "SMTP callout" to
internal servers [but some servers deploy accept now send bounces later]
+ LDAP queries to internal servers address books [but only some servers
provide it]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/

On Tue, 23 Jan 2007 10:15:08 +0100 Andrzej Adam Filip wrote:

> Alexander wrote about one way: making sendmail keep list of valid email
> addresses in internal domains.

Thanks Andrzej. I noted just one possibility by naming virtusertable.

> It has a few sub-variants
> + virtusertable with _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ *OR* RHS=!
> + access table entries
> + ldap_routing (can use hash maps instead of LDAP lookups)
>
> Another methods ask internal servers:
> + special milters to verify envelope recipient by "SMTP callout" to
> internal servers [but some servers deploy accept now send bounces later]
> + LDAP queries to internal servers address books [but only some servers
> provide it]

Shouldn't we add this to the www.sendmail.org/faq as this kind of
problem / question comes up frequently?

Cheers

Alexander

P.S. Glad to see that kept your anfi.homeunix.net up


--
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 12:10:31 up 1 day, 13:13, load average: 0.19, 0.27, 0.25

Alexander Dalloz wrote:
> Shouldn't we add this to the www.sendmail.org/faq as this kind of
> problem / question comes up frequently?

I'll second that motion to add this to the FaQ if it is not already
there. (It's been a long time sense I last looked at it to know if it
has been added or not.)



Grant. . . .