[Mimedefang] sendmail access.db question

Sven Willenberger sven at dmv.com
Tue Oct 11 14:20:13 EDT 2005

On Thu, 2005-10-06 at 13:08 -0400, Frank Marsolais wrote:
> >"Martin J. Dellwo" wrote:
> >> >
> >> I have implemented an access.db with FEATURE(`access') in sendmail, with
> >> lots of 'To:<someword>@domain.com  REJECT' lines to block unknown users
> >> (or currently unknown but former users).  Does this get checked before
> >> or after MIMEDefang?  How would I distinguish this in the mail syslogs>
> >> (I have pretty high logging level turned on).  If the user is unknown on
> >> the system and would therefore be rejected anyway, am I gaining anything
> >> by using the access.db?
> >To blacklist a recipient, you must have the blacklist recipients feature
> >enabled. If you have blacklist recipients enabled, it would get checked
> >before MIMEDefang.
> >If you really want to blacklist recipients, use the virtusertable -- it
> >is MUCH simpler. In fact, we have found the easiest way to bounce email
> >for any user that does not exist any longer is to list all valid users in
> >the virtusertable, then create an entry such as:
> >@ourdom.com ERROR:5.1.1:"550 No such user in domain ourdom.com"
> >Or, you could explicitly reject a former user by:
> >joe at ourdom.com ERROR:5.1.1:"550 Joe don't live here no more"

Sendmail's default bounce message for blacklisted recipients is "Mailbox
disabled for this recipient" when invoked from the access file. What we
actually do is use blacklist_recipients and then create our access.db
file to resemble:

TO:ourdomain       REJECT
TO:user1 at ourdomain OK
TO:user2 at ourdomain OK
TO:user3 at ourdomain OK

This is especially useful on inbound (MX) machines where the final users
are not local to that machine (and where virtusertable would have to
rewrite the username to have it be delivered to the next hop)


More information about the MIMEDefang mailing list