Secondary MX user list filter for Sendmail
A colleague asked me offlist about how to make a Sendmail secondary MX properly return 550 for invalid recipient addresses. For smaller sites -- or even larger sites if the list is autogenerated and the access_db uses "btree" storage (it's rather fast) -- the below solution will do just that.

=====

In your secondary MX's sendmail.mc, add the following FEATUREs if you don't already have them.

FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl

Rebuild your sendmail.cf from this, and then put entries like the following in your /etc/mail/access file (assuming "foo.com" is your domain). I'm also assuming that "foo.com" is already in /etc/mail/relay-domains (or /etc/mail/sendmail.cR depending on your sendmail install), so that relayed mail can get through.

userone@foo.com		RELAY
usertwo@foo.com		RELAY
To:foo.com		"550 User unknown"

The RELAY lines designate explicitly allowed recipient addresses for relaying to the primary MX. The To:...550 line, which requires the "blacklist_recipients" feature, is a fallback rule that matches after the email addresses and returns the expected "User unknown" error.

Now rebuild your access.db file, restart sendmail, and voila, you have a secondary MX explicit user list.

--
-- Todd Vierling <tv@duh.org> <tv@pobox.com>
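Added example, not part of either message in this thread: one way to autogenerate the access entries described above from a recipient list, refusing to publish a map that holds only the 550 fallback. The function name gen_access, the sample addresses and the one-address-per-line input format are assumptions.

```shell
#!/bin/sh
# gen_access DOMAIN: read one address per line on stdin and write
# "addr RELAY" entries plus the To:DOMAIN 550 fallback to stdout.
# (Hypothetical helper, constructed for illustration.)
gen_access() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    entries=$(
        tr 'A-Z' 'a-z' | tr -d '\r' |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        awk -v d="$domain" '
            $0 == "" { next }
            {
                n = split($0, p, "@")
                # Accept only local@DOMAIN with a conservative local-part
                # charset, so a stray line cannot become some other rule.
                if (n == 2 && p[2] == d && p[1] ~ /^[a-z0-9._+=-]+$/) {
                    if (!seen[$0]++) print $0 "\tRELAY"
                } else {
                    print "skipped: " $0 > "/dev/stderr"
                }
            }' | LC_ALL=C sort
    )
    # An empty or failed export would leave only the fallback rule, and the
    # secondary MX would then answer 550 for every recipient in the domain.
    if [ -z "$entries" ]; then
        echo "gen_access: no valid recipients for $domain, nothing written" >&2
        return 1
    fi
    printf '%s\n' "$entries"
    printf 'To:%s\t"550 User unknown"\n' "$domain"
}

# Constructed sample list, standing in for an export from the primary MX.
sample='UserOne@foo.com
usertwo@foo.com   # sales
usertwo@foo.com
someone@bar.org
'
printf '%s' "$sample" | gen_access foo.com

# Typical use (merge with any other access entries you keep, then rebuild
# the map with the type your access_db FEATURE uses, e.g. hash or btree):
#   gen_access foo.com < recipients.txt > access.new && mv access.new /etc/mail/access
#   makemap btree /etc/mail/access < /etc/mail/access
```

Because the function returns non-zero when nothing valid was read, chaining the rebuild with && keeps the previous access file in place after a bad export.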
Todd Vierling wrote:
A colleague asked me offlist about how to make a Sendmail secondary MX properly return 550 for invalid recipient addresses.
[snip]

For those with an LDAP directory containing mailbox information, I'd recommend using sendmail's built-in LDAP capabilities. I've found it a good way to test for existence of mailboxes at border MTAs.

My example (NOTE: I've pulled out the LDAP stuff from a rather complex .mc file, and it can be done in a more straightforward way without all of the other hacks I'm simultaneously supporting in my rulesets),

LOCAL_CONFIG
Kldap_rcpt ldap -b dc=example,dc=com -h directory.example.com -T<TMPF> -v mail -k (&(objectClass=inetLocalMailRecipient)(!(inetUserStatus=deleted))(!(inetMailGroupStatus=deleted))(|(mail=%0)(mailAlternateAddress=%0)(mailEquivalentAddress=%0)))

LOCAL_RULESETS
# Check if local addresses really exist on central server.
SLocal_check_rcpt
R< $+ >			$1
R$+ @ $=R		$: $1 @ $2 $| $(ldap_rcpt $1@$2 $: <NOMATCH> $)
R$* $| <NOMATCH>	$#error $@ 5.1.1 $: 550 User unknown

--
Crist J. Clark
crist.clark@globalstar.com
Globalstar Communications
(408) 933-4387

The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com