5.1.1 User unknown bounces
morgan at orst.edu
Mon Sep 11 15:19:17 EDT 2006
On Sat, 9 Sep 2006, Dave McCracken wrote:
> On Saturday 09 September 2006 9:19 am, Kjetil Torgrim Homme wrote:
>> On Fri, 2006-09-08 at 10:45 -0700, Andrew Morgan wrote:
>>> Otherwise, just let Sendmail queue the message and attempt to deliver the
>>> message to Cyrus. If the user does not exist, Cyrus will let Sendmail
>>> know during the LMTP handshake.
>> DO NOT DO THIS! if your Sendmail accepts _all_ possible local parts
>> during the SMTP transaction, you will be sending out lots of bogus
>> bounces to addresses abused (joe-jobbed) as senders of spam.
> I second this emphatically. I discovered I was sending out thousands of
> bounce messages per day with this setup.
> My solution was to go into my sendmail.mc and define "CYRUSV2_MAILER_FLAGS"
> to be "A@/:|mw". The default does not have the "w" flag. This flag tells
> sendmail to validate the user id on the local machine when it queues the mail
> for this mailer. Since I have a small set of valid users it was easy for me
> to define them all in /etc/passwd. I'd guess a larger site would want to set
> up something more complex.
> The key point is that sendmail still has the connection to the sender open
> when it selects the mailer. If it detects an error there it responds with an
> error status to the sending mailer. If no error is detected, sendmail will
> close the connection before actually invoking the mailer. At this point its
> only recourse is to send bounce mail.
To my knowledge, Postfix does not support the socket map protocol for
verifying a mailbox exists during the SMTP transaction. I guess the
Postfix users are just screwed on this then. :)
In our case, our campus mail relays (6 of them currently) accept mail for
all domains on campus and perform RBL and spam tagging before relaying the
messages to their final destinations. You'll have to live with the bounce
messages coming from our domain. :P
More information about the Info-cyrus