5.1.1 User unknown bounces

[Andrew Morgan]

On Sat, 9 Sep 2006, Dave McCracken wrote:

> On Saturday 09 September 2006 9:19 am, Kjetil Torgrim Homme wrote:
>> On Fri, 2006-09-08 at 10:45 -0700, Andrew Morgan wrote:
>>> Otherwise, just let Sendmail queue the message and attempt to deliver the
>>> message to Cyrus.  If the user does not exist, Cyrus will let Sendmail
>>> know during the LMTP handshake.
>>
>> DO NOT DO THIS!  if your Sendmail accepts _all_ possible local parts
>> during the SMTP transaction, you will be sending out lots of bogus
>> bounces to addresses abused (joe-jobbed) as senders of spam.
>
> I second this emphatically.  I discovered I was sending out thousands of
> bounce messages per day with this setup.
>
> My solution was to go into my sendmail.mc and define "CYRUSV2_MAILER_FLAGS"
> to be "A@/:|mw".  The default does not have the "w" flag.  This flag tells
> sendmail to validate the user id on the local machine when it queues the mail
> for this mailer.  Since I have a small set of valid users it was easy for me
> to define them all in /etc/passwd.  I'd guess a larger site would want to set
> up something more complex.
>
> The key point is that sendmail still has the connection to the sender open
> when it selects the mailer.  If it detects an error there it responds with an
> error status to the sending mailer.  If no error is detected, sendmail will
> close the connection before actually invoking the mailer.  At this point its
> only recourse is to send bounce mail.

To my knowledge, Postfix does not support the socket map protocol for 
verifying a mailbox exists during the SMTP transaction.  I guess the 
Postfix users are just screwed on this then.  :)

In our case, our campus mail relays (6 of them currently) accept mail for 
all domains on campus and perform RBL and spam tagging before relaying the 
messages to their final destinations.  You'll have to live with the bounce 
messages coming from our domain.  :P

 	Andy