References for setting up a DMZ mail relay with list of known recipients.

Hello, (first post to group, please don't smite me)

I want to know how to configure a relay sendmail MTA so that it will
reject "RCPT TO:" addresses unless the recipient's address is in a
list of known good e-mail addresses. How do I do that? What
/etc/mail/?? file do I put those addresses in?

I have a list of e-mail addresses, and I can update that list when
necessary. (I will write a program to do it that gets the list from
the MS-ADS via LDAP query).

I'm a veteran UNIX Sysadmin, but the mail servers were never under my
control because they have always been Exchange servers... Well, that
has changed recently because there are massive amounts of dictionary
spammer attacks against our internet-facing SMTP MTA.

I would like to set up a RHEL-5 box with Sendmail, to act as a DMZ
relay for my company's domains. The sendmail box will have the DNS MX
records for the domains pointed at it, and it will receive the
messages and then forward the legitimately addressed ones to the
Exchange Server via SMTP. I think I know how to do this part. We'll
see...

-Ben.
Ben Russo USA [ Wed, 12 September 2007 23:48 ] [ ID #1819106 ]

Re: References for setting up a DMZ mail relay with list of known recipients.

In article <1189633728.505391.162790 [at] w3g2000hsg.googlegroups.com>,
Ben Russo USA <ben [at] muppethouse.net> wrote:

> Hello, (first post to group, please don't smite me)
>
> I want to know how to configure a relay sendmail MTA so that it will
> reject "RCPT TO:" addresses unless the recipient's address is in a
> list of known good e-mail addresses. How do I do that? What
> /etc/mail/?? file do I put those addresses in?

See http://www.sendmail.org/tips/virtual-hosting.php for one approach.

Another approach that can work is to route the whole domain using the
mailertable, and use the access map (/etc/mail/access.db, typically
generated from /etc/mail/access.txt) to permit specific addresses but
reject by default.

> I have a list of e-mail addresses, and I can update that list when
> necessary. (I will write a program to do it that gets the list from
> the MS-ADS via LDAP query).

If you can get a definitive yes/no on an address that way, you *could*
use it directly. See http://www.sendmail.org/m4/ldap_routing.html for
the canonical approach or a not-quite direct approach linked from
http://lists.mailscanner.info/pipermail/mailscanner/2006-September/065467.html


> I'm a veteran UNIX Sysadmin, but the mail servers were never under my
> control because they have always been Exchange servers... Well, that
> has changed recently because there are massive amounts of dictionary
> spammer attacks against our internet-facing SMTP MTA.

That would be why you probably do not want one of the other approaches
that uses an actual 'forward' check for deliverability to validate an
address. Those exist, but they amount to "pound Exchange flat"
exercises.

--
Now where did I hide that website...
Bill Cole [ Thu, 13 September 2007 05:22 ] [ ID #1819897 ]
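The two pieces of Bill's second approach, the mailertable that routes the whole domain to Exchange and the access map that permits listed recipients but rejects the rest, combined with the LDAP-sourced address list Ben mentions, as an added example that is not code from the thread. The domain example.com, the Exchange host exchange.example.com and the LDIF sample are all placeholders I constructed; the ldapsearch command in the comment is what would produce that LDIF in a real run.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the two sendmail tables that
# Bill Cole's second approach needs: a mailertable routing the whole domain to
# Exchange, and an access map that permits the listed recipients and rejects
# everything else in the domain at RCPT TO. The recipient list is pulled from
# Active Directory in LDIF form (proxyAddresses / mail), as Ben planned to do.
# Assumed names: example.com (relayed domain), exchange.example.com (Exchange
# host, resolvable from the DMZ); both are placeholders.

# Constructed sample LDIF standing in for the output of, e.g.:
#   ldapsearch -LLL -x -H ldap://dc1.example.com -D 'relaysvc@example.com' -w "$PW" \
#     -b 'dc=example,dc=com' '(&(objectClass=user)(proxyAddresses=*))' mail proxyAddresses
SAMPLE_LDIF='dn: CN=Alice Smith,OU=Users,DC=example,DC=com
mail: Alice@example.com
proxyAddresses: SMTP:Alice@example.com
proxyAddresses: smtp:alice.smith@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=Alice;

dn: CN=Bob Jones,OU=Users,DC=example,DC=com
mail: bob@example.com
proxyAddresses: SMTP:bob@example.com
proxyAddresses: smtp:bob@partner.example.net
'

# extract_addresses DOMAIN...: read LDIF on stdin and print every SMTP address
# (proxyAddresses smtp:/SMTP: values and the mail attribute) in one of the
# given domains, lowercased, sorted, without duplicates. Base64 values
# ("attr:: ...", used for non-ASCII) are not decoded and are skipped.
extract_addresses() {
    awk -v domains="$*" '
        BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) want[tolower(d[i])] = 1 }
        function emit(line,    addr, at, dom) {
            if (line ~ /^proxyAddresses: [sS][mM][tT][pP]:/) addr = substr(line, 22)
            else if (line ~ /^mail: /) addr = substr(line, 7)
            else return
            addr = tolower(addr)
            at = index(addr, "@")
            if (at == 0 || addr ~ /[ \t,"<>]/) return   # malformed: skip
            dom = substr(addr, at + 1)
            if (dom in want) print addr
        }
        /^ / { buf = buf substr($0, 2); next }   # LDIF continuation line
        { if (buf != "") emit(buf); buf = $0 }
        END { if (buf != "") emit(buf) }
    ' | LC_ALL=C sort -u
}

# build_access DOMAIN: read addresses on stdin, print /etc/mail/access entries.
# sendmail looks up To:user@host before To:host, so each listed address gets
# RELAY and the domain-level entry is the default for everyone else: a
# permanent 550 5.1.1 at RCPT TO, so a dictionary run never reaches Exchange.
build_access() {
    while IFS= read -r addr; do
        [ -n "$addr" ] && printf 'To:%s\tRELAY\n' "$addr"
    done
    printf 'To:%s\terror:5.1.1:550 User unknown\n' "$1"
}

# write_relay_config DIR DOMAIN EXCHANGE_HOST: read LDIF on stdin and write
# DIR/access and DIR/mailertable (DIR=/etc/mail on the relay). The bracketed
# host in mailertable tells sendmail to skip the MX lookup. Prints the number
# of permitted recipients.
write_relay_config() {
    dir=$1; domain=$2; exchange=$3
    extract_addresses "$domain" | build_access "$domain" > "$dir/access"
    printf '%s\tsmtp:[%s]\n' "$domain" "$exchange" > "$dir/mailertable"
    grep -c RELAY "$dir/access"
}

# On the relay, with FEATURE(`access_db') and FEATURE(`mailertable') in
# sendmail.mc and example.com NOT listed in /etc/mail/local-host-names
# (otherwise sendmail would try to deliver it locally), rebuild the maps:
#   makemap hash /etc/mail/access.db < /etc/mail/access
#   makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

# Stand-alone demo: render the tables into a scratch directory and show them.
if [ "${1-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf '%s' "$SAMPLE_LDIF" | write_relay_config "$tmp" example.com exchange.example.com
    cat "$tmp/access" "$tmp/mailertable"
fi
```

Run it with `--demo` to see the generated tables; in production feed it the real ldapsearch output from cron and rebuild the maps afterwards. Addresses that fail the syntax check or sit in a domain the relay does not handle (bob's partner.example.net alias in the sample) are dropped rather than turned into access entries.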

Disabling domain resolution

Hi folks,

Anyone know how I can tell to sendmail (Linux) to allow this kind of email?

reject=451 4.1.8 Domain of sender address user [at] something.com does not
resolve

Thanks

--
Sébastien Roy
Administrateur de Systèmes Senior / Senior System Administrator
PointPub Media Communications Inc. - St-Eustache, Canada
Sebastien Roy [ Thu, 13 September 2007 19:40 ] [ ID #1819909 ]

Re: References for setting up a DMZ mail relay with list of known recipients.

On Sep 12, 11:22 pm, Bill Cole <b... [at] scconsult.com> wrote:

> > I want to know how to configure a relay sendmail MTA so that it will
> > reject "RCPT TO:" addresses unless the recipient's address is in a
> > list of known good e-mail addresses.
>
> See http://www.sendmail.org/tips/virtual-hosting.php for one approach.
>

Nice tips and I am learning from this, but not exactly the solution
I am trying to achieve.

>
> > Well, that
> > has changed recently because there are massive amounts of dictionary
> > spammer attacks against our internet-facing SMTP MTA.
>
> That would be why you probably do not want one of the other approaches
> that uses an actual 'forward' check for deliverability to validate an
> address. Those exist, but they amount to "pound Exchange flat"
> exercises.
>

You got it, "pound the MS server flat" is what I am trying to fix.
So I found what I was looking for here:

http://groups.google.com/group/comp.mail.sendmail/browse_thread/thread/ba78d49a70dbe533/c91a94c939e35345?lnk=gst&q=relay+recipients&rnum=3#c91a94c939e35345

The link above had a solution that I have tested and so far it seems
to work exactly as I wanted.
Sorry I didn't find it before I posted...

-Ben.
Ben Russo USA [ Thu, 13 September 2007 20:21 ] [ ID #1819915 ]

Re: Disabling domain resolution

From sendmail.mc on my CentOS-5 box...

dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl



On Sep 13, 1:40 pm, Sebastien Roy <Sebastien.... [at] pMedia.CA> wrote:
> Hi folks,
>
> Anyone know how I can tell to sendmail (Linux) to allow this kind of email?
>
> reject=451 4.1.8 Domain of sender address u... [at] something.com does not
> resolve
>
> Thanks
>
> --
> Sébastien Roy
> Administrateur de Systèmes Senior / Senior System Administrator
> PointPub Media Communications Inc. - St-Eustache, Canada
Ben Russo USA [ Thu, 13 September 2007 20:24 ] [ ID #1819916 ]
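The FEATURE quoted in the reply above turns the unresolvable-domain check off for every sender. A narrower alternative, as an added example that is not part of the thread: sendmail's access map accepts an `OK` entry for a single sender domain, which lets mail from that domain through even though it does not resolve while the 451 4.1.8 check stays in force for everyone else. The domain something.com and the helper function are mine, not the poster's.

```shell
#!/bin/sh
# Added example, not from the thread. Two ways to let mail from a sender domain
# that does not resolve past the 451 4.1.8 check; something.com is a placeholder.
#
# Global version (weak): every unresolvable sender domain is accepted.
#   sendmail.mc:  FEATURE(`accept_unresolvable_domains')dnl
#   then rebuild sendmail.cf with m4 and restart sendmail.
#
# Per-domain version (preferred): one access-map entry; requires only that
# FEATURE(`access_db') is already enabled. "OK" means accept even where other
# rules in the ruleset would reject, which includes the unresolvable check.
#   /etc/mail/access:  From:something.com	OK

# exempt_sender_domain ACCESS_FILE DOMAIN: append "From:DOMAIN OK" to the
# access source file unless an entry for that domain already exists.
# Prints "added" or "present"; returns 2 and changes nothing for a malformed
# domain name, so a typo cannot turn into a wildcard-looking entry.
exempt_sender_domain() {
    file=$1
    dom=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $dom in
        *[!a-z0-9.-]*|.*|*.|'') echo "bad domain: $2" >&2; return 2 ;;
    esac
    esc=$(printf '%s' "$dom" | sed 's/\./\\./g')   # literal dots for grep
    if grep -qi "^From:$esc[[:space:]]" "$file" 2>/dev/null; then
        echo present
    else
        printf 'From:%s\tOK\n' "$dom" >> "$file"
        echo added
    fi
}

# On the relay:
#   exempt_sender_domain /etc/mail/access something.com
#   makemap hash /etc/mail/access.db < /etc/mail/access
# Confirm sendmail sees the entry, using address-test mode's map lookup:
#   printf '/map access From:something.com\n' | sendmail -bt
```

The access-map route keeps the anti-spam value of the resolution check for every other sender and is reversible by deleting one line and rebuilding the map, whereas the FEATURE change is global and needs a new sendmail.cf.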