[Greylist-users] Rejecting Mail to unknown users WAS: Got it working! Now a few more questions

Dennis Wynne DWYNNE at equinoxis.com
Mon Feb 13 13:21:00 PST 2006

I finally got the mail rejection to non-users working. It was quite a chore.

My first thought was to add entries in the access file like this:

To:gooduser1 at domain.com RELAY
To:gooduser2 at domain.com RELAY
To:@domain.com REJECT

but that does not work. Sendmail does not check the USER part until after it 
has checked the DOMAIN part - so it was rejecting all the messages.

Then I tried the virtual users table:

gooduser1 at domain.com	gooduser1 at domain.com
gooduser2 at domain.com	gooduser2 at domain.com
@domain.com			error:5.7.0:550 Address invalid

That sort of worked, sendmail would show the error in maillog but would 
still pass the mail onto the greylist Milter.  I saw some things about 
adding the domains to a virtual domain file, but that is supposed to 
bypass other checks (like RBLs). I found a snippet only to use this in the 
sendmail.mc file


and put the domains (e.g. domain.com) in the text file virtuser.domains.

This worked, and it started blocking names not in the virtuserstable - the 
trouble is that mail sent to users in the table errored out with a recursion 
error. Since the LHS and RHS have the same content, it looped for 50 times 
then errored out.

I found another snippet to add these lines to the sendmail.mc file:


and that fixed it.

So if you have a finite number of users, you can list them all in the 
virtuserstable pointing to themselves, add an entry with @domain.com and an 
error message, and have the system accept only the good users and bounce 
the bad ones - all before greylist kicks in.

I am still trying to get RBLs working. Once I do, the "anti-SPAM" server 
will be ready to go.  I cranked the log level up in sendmail and it does not 
seem that the RBLs are being checked at all.


===== Original Message from greylist-users at lists.puremagic.com (Greylisting 
Users and Developers Discuss) at 2/09/06 9:46 am
>Got the relaydelay script working last night. There were several un-obvious
>things (to someone who does not work in LINUX all the time) that had to be done.
>Anyway, a few more questions.
>We only have a small number of users, so on our current mail server have
>the "to" names white-listed and "everything else" blacklisted. This takes a
>huge load off the server when there is a new worm going around that tried to
>spread by sending e-mail to somename at yourdomain.com ("bob at domain.com" and
>"fred at domain.com" etc).
>I need to add this to my greylist box, ahead of the relaydelay script - I
>would assume.  No need to add a triplet to the MySQL database that contains
>a "to name" that will never be accepted by the real mail server.
>Is there an easy way to do this?  Keep in mind this server works for
>domain names - so I would like to list the real users like
>"steve at domain1.com" and "david at domain2.com" as valid, and exclude every
>other name - even "steve at domain2.com" if I can.
>I use online blacklists with our current mail server - and it does catch
>quite a few messages (not as many as it used to).  What is an easy way to
>add the online blacklist looking to my new server?
>I would think it would work best if I could do this, in this order:
>1) Make sure the to: of the message is to a real user on one of the domains
>2) Make sure the from IP / from / mail server is not on one of the online
>3) Then hit the relaydelay script to wait to see if the sending server will
>Does this sound correct?
>I am using CentOS 4.2 w/sendmail sendmail-8.13.1-2
>Thanks in advance for any help,
>Greylist-users mailing list
>Greylist-users at lists.puremagic.com
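
The table layout described in the message above (each valid address mapped to itself, plus one `@domain` reject entry per domain), as an added Python example that is not part of the original post. The function names are hypothetical, the sample addresses are constructed from the ones named in the quoted message, and `lookup` is a simplified model that assumes a full-address entry is tried before the `@domain` catch-all.

```python
# Added illustration, not sendmail code: generate and sanity-check the table.
REJECT_RHS = "error:5.7.0:550 Address invalid"  # RHS quoted in the post

def build_virtusertable(valid_addresses):
    """Return table lines: every valid address maps to itself, then one
    catch-all reject entry for each domain that has at least one user."""
    addrs = sorted({a.strip().lower() for a in valid_addresses})
    for a in addrs:
        if a.count("@") != 1 or a.startswith("@") or a.endswith("@"):
            raise ValueError(f"not a full address: {a!r}")
    domains = sorted({a.split("@", 1)[1] for a in addrs})
    return [f"{a}\t{a}" for a in addrs] + [f"@{d}\t{REJECT_RHS}" for d in domains]

def parse(lines):
    """Parse 'LHS <whitespace> RHS' lines into a dict keyed by lower-cased LHS."""
    table = {}
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            lhs, rhs = line.split(None, 1)
            table[lhs.lower()] = rhs.strip()
    return table

def lookup(table, rcpt):
    """Assumed precedence: exact address first, then the @domain entry."""
    rcpt = rcpt.lower()
    rhs = table.get(rcpt) or table.get("@" + rcpt.split("@", 1)[1])
    if rhs is None:
        return ("not-virtual", None)      # domain is not in the table at all
    if rhs.startswith("error:"):
        return ("reject", rhs[len("error:"):])
    return ("accept", rhs)

def self_mapped(table):
    """Entries whose RHS equals their LHS: the case the post says looped
    until the extra sendmail.mc lines were added."""
    return sorted(lhs for lhs, rhs in table.items() if lhs == rhs.lower())

# Constructed sample input: one real user in each of two domains.
SAMPLE_USERS = ["steve@domain1.com", "david@domain2.com"]

if __name__ == "__main__":
    lines = build_virtusertable(SAMPLE_USERS)
    print("\n".join(lines))
    table = parse(lines)
    for rcpt in ["steve@domain1.com", "steve@domain2.com", "bob@domain1.com"]:
        print(rcpt, "->", lookup(table, rcpt))
    print("self-mapped entries:", self_mapped(table))
```
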
