Possible sendmail misconfiguration to deliver to cyrus

websrvr websrvr at macftphttp.serverbox.org
Sun Dec 3 23:37:52 EST 2006


On Dec 3, 2006, at 22:58:02, Todd Lyons wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm looking at a cyrus limitation right now.  I'm really thinking this
> is not cyrus' problem.  I'm trying to figure out if it's actually a
> sendmail limitation or a sendmail config error on my part.
>
> The problem I'm working through became illuminated when some spammer
> used one of our domains as the Return-Path for the spams.  The mail
> server crashed due to crippling load.  It was aggravated when they did
> it several days in a row.

Unfortunately I have little respect for people who bounce spam  
because it's not the correct thing to do and in essence are spamming  
you because they aren't intelligent enough to do some checking of  
their own.

If they wish to bounce the mail, they should at least check the TLD  
to ensure they are returning the e-mail to the server it came from or  
discard the e-mail.

> Let's say my domain is domain.com (in local-host-names).  I have a  
> user
> todd on it.  It's an older box with updates manually applied so it has
> sendmail 8.12.10 and cyrus imap 2.1.16.  You can connect to my server
> and send emails to *@domain.com and it will do all virus and spam
> scanning BEFORE it passes it cyrus, which then reports "Data Format
> Error" because the user doesn't exist.  I have been googling and  
> looking
> at m4 code and trying to figure out what I can do to make sendmail  
> check
> the user at SMTP connect time the way it does if I configure  
> sendmail to
> deliver to a regular mbox mail spool.

Just a thought but what about installing postfix and dropping  
sendmail as your MTA?

It has the ability to authenticate users with cyrus-sasl along with a  
lot of additional features that may be useful and works well with  
amavisd-new or maia mailguard.

> Here's what's in my sendmail.mc:
> [root at lunar root]# tail -n 7 /etc/mail/sendmail.mc
> MAILER(cyrus)dnl
> define(`confLOCAL_MAILER',`cyrus')dnl
> LOCAL_RULE_0
> R$=N                    $: $#local $: $1
> R$=N < @ $=w . >        $: $#local $: $1
> Rbb + $+ < @ $=w . >    $#cyrusbb $: $1
>
> I did a little testing, here's what I've found:
> 1) With none of the lines above (goes to regular mbox mail spool),  
> if I
> attempt to send mail to asdf at domain.com, sendmail reports User unknown
> at SMTP connect.
> 2) With only the MAILER line above (still goes to regular mbox mail
> spool), if I attempt to send mail to asdf at domain.com, sendmail reports
> User unknown at SMTP connect.
> 3) With the MAILER and the define (delivers to cyrus mail boxes), if I
> attempt to send mail to asdf at domain.com, sendmail doesn't report that
> the user is unknown, it does all spam and virus scanning, and only  
> when
> it passes the email to cyrus deliver does it finally figure out  
> that the
> user doesn't exist.
>
> Is the above m4 code appropriate?  Is there something obvious I'm
> missing?  Any URLs or suggestions or comments are appreciated.
>
> My rudimentary understanding of sendmail macros makes me think that
> instead of checking for users locally, it's checking for user cyrus
> locally (which always succeeds), so the email is accepted for any  
> user.
> If it's a problem with the older version of sendmail that I'm using,
> then I apologize in advance, but a pointer in that direction would be
> most appreciated.
> - --
> Regards...		Todd

-- Dale


More information about the Info-cyrus mailing list