[Greylist-users] Rejecting Mail to unknown users WAS: Got it working! Now a few more questions
DWYNNE at equinoxis.com
Mon Feb 13 13:21:00 PST 2006
I finally got the mail rejection to non-users working. It was quite a chore.
My first thought was to add entries in the access file like this:
To:gooduser1 at domain.com RELAY
To:gooduser2 at domain.com RELAY
but that does not work. Sendmail does not check the USER part until after it
has checked the DOMAIN part - so it was rejecting all the messages.
Then I tried the virtual users table:
gooduser1 at domain.com gooduser1 at domain.com
gooduser2 at domain.com gooduser2 at domain.com
@domain.com error:5.7.0:550 Address invalid
That sort of worked, sendmail would show the error in maillog but would
still pass the mail onto the greylist Milter. I saw some things about
adding the domains to the a virtual domain file, but that is supposed to
bypass other checks (like RBLs). I found a snippet only to use this in the
and put the domains (e.g. domain.com) in the text file virtuser.domains.
This worked, and it started blocking names not in the virtuserstable - the
trouble is that mail sent to users in the table errorer out with a recursion
error. Since the LHS and RHS have the same content, it looped for 50 times
then errored out.
I found another snippet to add these lines to the sendmail.mc file:
and that fixed it.
So if you have a finite number of users, you can list them all in the
virtuserstable pointing to themselves, add an entry with @domain.com and an
error messages, and have the system accept only the good users and bounce
the bad ones - all before greylist kicks in.
I have still trying to get RBLs working. Once I do, the "anti-SPAM" server
will be ready to go. I cranked the log level up in sendmail and it does not
seem that the RBLs are being checked at all.
===== Original Message from greylist-users at lists.puremagic.com (Greylisting
Users and Developers Discuss) at 2/09/06 9:46 am
>Got the relaydelay script working last night. There were several un-obvious
>(to someone who does not work in LINUX all the time) that had to be done.
>Anyway, a few more questions.
>We only have a small number of users, so on our current mail server have
>the "to" names white-listed and "everything else" blacklisted. This takes a
>huge load off the server when there is a new worm going around that tried
>spread by sending e-mail to somename at yourdomain.com ("bob at domain.com" and
>"fred at domain.com" etc).
>I need to add this to my greylist box, ahead of the relaydelay script - I
>would assume. No need to add a triplet to the MySQL database that contains
>a "to name" that will never be accepted by the real mail server.
>Is there an easy way to do this? Keep in mind this server works for
>domain names - so I would like to list the real users like
>"steve at domain1.com" and "david at domain2.com" as valid, and exclude every
>other name - even "steve at domain2.com" if I can.
>I use online blacklists with our current mail server - and it does catch
>quite a few messages (not as many as it used to). What is an easy way to
>add the online blacklist looking to my new server?
>I would think it would work best if I could do this, in this order:
>1) Make sure the to: of the message is to a real user on one of the domains
>2) Make sure the from IP / from / mail server is not on one of the online
>3) Then hit the relaydelay script to wait to see if the sending server will
>Does this sound correct?
>I am using CentOS 4.2 w/sendmail sendmail-8.13.1-2
>Thanks in advance for any help,
>Greylist-users mailing list
>Greylist-users at lists.puremagic.com
More information about the Greylist-users