[Mimedefang] filter_recipient questions
Jeff Rife
mimedefang at nabs.net
Fri Apr 28 13:02:19 EDT 2006
On 28 Apr 2006 at 9:18, Matthew.van.Eerde at hbinc.com wrote:
> Dirk the Daring wrote:
> > What I'd like to add is something to check validity of local
> > recipients
>
> Export the list of valid email addresses from your destination MTA
> periodically, build an access map, and sendmail takes care of
> rejecting invalid recipients before MIMEDefang is called.
Actually, no it doesn't. Invalid recipients *still* get passed on to
the milter (maybe only if you have "delay_checks" enabled, but you need
this to allow AUTH to be used from otherwise blacklisted IPs, so most
people seem to have it set up).
Sendmail will do the right thing and reject a bad address at the SMTP
phase if your milter doesn't do it, but that only means that the
address isn't:
- a local user (as defined by whatever PAM mech you use)
- the left-hand side of an alias
- the left-hand side of a virtusertable entry
Sendmail doesn't do any more checking to see if the address is valid.
Thus, if something ends up aliasing to something not deliverable,
sendmail eventually has to send a bounce e-mail (instead of a reject
during the SMPT conversation). This is what the OP wanted to avoid,
and I suspect why he said "other than using
md_check_against_mx_server", since that uses identical logic if the
endpoint server is running sendmail. The logic is similar if the
server is running Exchange, too...it only checks to see if the address
is pointing to a mail-enabled object. That object can then forward it
to someplace non-deliverable, but Exchange doesn't check this until it
is too late to reject at SMTP.
--
Jeff Rife | "Oooh, I love children...
| they taste like chicken."
|
| -- Heddy Newman, "Herman's Head"
More information about the MIMEDefang
mailing list