5.1.1 User unknown bounces

Simon Matter simon.matter at ch.sauter-bc.com
Mon Sep 11 16:38:52 EDT 2006


> On Sat, 9 Sep 2006, Dave McCracken wrote:
>
>> On Saturday 09 September 2006 9:19 am, Kjetil Torgrim Homme wrote:
>>> On Fri, 2006-09-08 at 10:45 -0700, Andrew Morgan wrote:
>>>> Otherwise, just let Sendmail queue the message and attempt to deliver the
>>>> message to Cyrus.  If the user does not exist, Cyrus will let Sendmail
>>>> know during the LMTP handshake.
>>>
>>> DO NOT DO THIS!  if your Sendmail accepts _all_ possible local parts
>>> during the SMTP transaction, you will be sending out lots of bogus
>>> bounces to addresses abused (joe-jobbed) as senders of spam.
>>
>> I second this emphatically.  I discovered I was sending out thousands of
>> bounce messages per day with this setup.
>>
>> My solution was to go into my sendmail.mc and define "CYRUSV2_MAILER_FLAGS"
>> to be "A@/:|mw".  The default does not have the "w" flag.  This flag tells
>> sendmail to validate the user id on the local machine when it queues the mail
>> for this mailer.  Since I have a small set of valid users it was easy for me
>> to define them all in /etc/passwd.  I'd guess a larger site would want to set
>> up something more complex.
>>
>> The key point is that sendmail still has the connection to the sender open
>> when it selects the mailer.  If it detects an error there it responds with an
>> error status to the sending mailer.  If no error is detected, sendmail will
>> close the connection before actually invoking the mailer.  At this point its
>> only recourse is to send bounce mail.
>
> To my knowledge, Postfix does not support the socket map protocol for
> verifying a mailbox exists during the SMTP transaction.  I guess the
> Postfix users are just screwed on this then.  :)

You could easily run a cron job on the cyrus-imapd server(s) and create
user/mailbox lists, scp them to the postfix relays and use the files there
to decide which mail to accept. That way you can also greatly reduce the
load on spam tagging servers and also reduce bounces to a minimum. In our
case the file looks like this:

user1@domain.tld    OK
user2@domain.tld    OK

and it's configured like this in main.cf:

relay_recipient_maps = hash:/etc/postfix/relay_recipients

Regards,
Simon

>
> In our case, our campus mail relays (6 of them currently) accept mail for
> all domains on campus and perform RBL and spam tagging before relaying the
> messages to their final destinations.  You'll have to live with the bounce
> messages coming from our domain.  :P
>
>  	Andy
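
The cron job described in the reply above, as an added example that is not part of the original thread: it turns a Cyrus mailbox dump into the relay_recipients file and refuses to install an empty or sharply shrunken list, because a failed export would otherwise make the relay reject valid recipients with 5.1.1. The dump line format (`ctl_mboxlist -d` style), `DEFAULT_DOMAIN`, the host name and the function names are assumptions.

```sh
#!/bin/sh
# Added example. Assumed input: a Cyrus mailbox dump, one mailbox per line:
#   domain.tld!user.name<TAB>...   (virtual domains)
#   user.name<TAB>...              (no domain part; DEFAULT_DOMAIN is used)
DEFAULT_DOMAIN="${DEFAULT_DOMAIN:-domain.tld}"   # assumption, adjust per site

# Read the dump on stdin; print "user@domain<TAB>OK" once per user INBOX.
build_recipients() {
    awk -F'\t' -v dd="$DEFAULT_DOMAIN" '
        {
            mbox = $1; dom = dd
            n = index(mbox, "!")
            if (n > 0) { dom = substr(mbox, 1, n - 1); mbox = substr(mbox, n + 1) }
            if (mbox !~ /^user\.[^.]+$/) next   # skip sub-folders and shared folders
            user = substr(mbox, 6)
            gsub(/\^/, ".", user)               # Cyrus stores "." in user names as "^"
            printf "%s@%s\tOK\n", tolower(user), tolower(dom)
        }' | sort -u
}

# Move $1 over $2 only if $1 is non-empty and has at least half as many
# entries as the current file; otherwise keep the current file and fail.
safe_install() {
    new=$1; cur=$2
    new_n=$(wc -l < "$new" | tr -d ' ')
    [ "$new_n" -gt 0 ] || { echo "refusing: empty list" >&2; return 1; }
    if [ -f "$cur" ]; then
        cur_n=$(wc -l < "$cur" | tr -d ' ')
        [ $((new_n * 2)) -ge "$cur_n" ] ||
            { echo "refusing: list shrank $cur_n -> $new_n" >&2; return 1; }
    fi
    mv "$new" "$cur"    # same directory, so the rename is atomic
}

# Cron usage (relay.example is a placeholder host):
#   on the Cyrus server:
#     ctl_mboxlist -d | build_recipients > relay_recipients.new
#     scp relay_recipients.new relay.example:/etc/postfix/
#   on the Postfix relay, in /etc/postfix:
#     safe_install relay_recipients.new relay_recipients && postmap relay_recipients
```

The `postmap` step is needed because main.cf refers to the file as a `hash:` map, which Postfix reads from the compiled database rather than the text file.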

