5.1.1 User unknown bounces

Daniel Eckl deckl at nero.com
Tue Sep 12 03:15:50 EDT 2006 


Andrew Morgan wrote:
> On Sat, 9 Sep 2006, Dave McCracken wrote:
> 
>> On Saturday 09 September 2006 9:19 am, Kjetil Torgrim Homme wrote:
>>> On Fri, 2006-09-08 at 10:45 -0700, Andrew Morgan wrote:
>>>> Otherwise, just let Sendmail queue the message and attempt to
>>>> deliver the
>>>> message to Cyrus.  If the user does not exist, Cyrus will let Sendmail
>>>> know during the LMTP handshake.
>>>
>>> DO NOT DO THIS!  if your Sendmail accepts _all_ possible local parts
>>> during the SMTP transaction, you will be sending out lots of bogus
>>> bounces to addresses abused (joe-jobbed) as senders of spam.
>>
>> I second this emphatically.  I discovered I was sending out thousands of
>> bounce messages per day with this setup.
>>
>> My solution was to go into my sendmail.mc and define
>> "CYRUSV2_MAILER_FLAGS"
>> to be "A@/:|mw".  The default does not have the "w" flag.  This flag
>> tells
>> sendmail to validate the user id on the local machine when it queues
>> the mail
>> for this mailer.  Since I have a small set of valid users it was easy
>> for me
>> to define them all in /etc/passwd.  I'd guess a larger site would want
>> to set
>> up something more complex.
>>
>> The key point is that sendmail still has the connection to the sender
>> open
>> when it selects the mailer.  If it detects an error there it responds
>> with an
>> error status to the sending mailer.  If no error is detected, sendmail
>> will
>> close the connection before actually invoking the mailer.  At this
>> point its
>> only recourse is to send bounce mail.
> 
> To my knowledge, Postfix does not support the socket map protocol for
> verifying a mailbox exists during the SMTP transaction.  I guess the
> Postfix users are just screwed on this then.  :)
> 
> In our case, our campus mail relays (6 of them currently) accept mail
> for all domains on campus and perform RBL and spam tagging before
> relaying the messages to their final destinations.  You'll have to live
> with the bounce messages coming from our domain.  :P
> 
>     Andy

Hi Andy! Hi Dave!

I stated this in my last mail already:

If the cyrus users are in a mysql database, then postfix with mysql
support CAN verify if mailbox exists.

> cat /etc/postfix/mysql-mailboxes.cf
#
# mysql config file for local recipient maps lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
# hosts = unix:/var/lib/mysql/mysql.sock localhost
hosts = unix:/var/lib/mysql/mysql.sock
user = XXXXXXX
password = XXXXXXX

# the database name on the servers
dbname = mail

# the table name
table = virtual

select_field = alias
where_field = alias

More information about the Info-cyrus mailing list