Tuc at T-B-O-H.NET wrote:
Seriously...
How hard is it to setup the MX boxen to only allow 4 email addresses to pass
for that particular domain, rejecting all others in the SMTP conversation?
Unless the customer is dropping BIG DADDY $$$ with you, tell him policy
change and that he isn't losing any email if you do not do a catchall for
his domain
That postmaster thing is a monster. Send the postmaster stuff to that
customer and see how soon they want it turned off
;->
Otherwise do what Kris said and push or pull or whatever all the
validrcptto's out to the MX's
- rh
Hi,
Everyone keeps telling me to push the userlist out to the
MX. This isn't possible, since everything is handled in virtusertable.
So then they tell me to push the virtusertable out to the MX's.
So I've asked multiple people multiple times how using sendmail
on an MX thats not a final delivery server how to use the virtusertable
to accept the mail, process against the virtusertable, and then
when the final delivery server is contactable, send it there. Of
what I've read, no one can tell me. Maybe I'm missing a fundamental
fact. Are virtusertables checked during non final delivery MX
handling in sendmail?
The postmaster emails are necessary to be able to find
issues with the systems before clients do. I've caught issues
with disks going bad, perl updates gone wrong, memory problems,
and the most recent was that a client was having email sent
directly to their ISP, who finally decided I was a spammer. The
"5 days worth of attempts" finally expired and I started seeing
all the upchuck from the system. If I turn postmaster bounce off,
I lose that. But yea, it might become something I have to do.
Lose the ability to monitor things happening on my systems in
the name of spam.
I think the issue most people are having is that they
have the luxury that every MX in their list is a final delivery
host. We don't. MX's for us fall under the heading of "If the
sole final delivery host is too overburdened, or is down
for maintenance, hold the mail atleast until it comes back".
That REALLY REALLY worked well for us when the datacenter we
were at in NYC went down during 9/11 because the National
Guard stopped a fuel delivery truck for an hour. Our MX
was uptown. When we finally came back online.
In any case, if someone can explain the mechanics
of having a sendmail MX that is not the final delivery server
do localized verification against something and then pass
it along to the final delivery server please let me know.
Its not that I don't want to do any of this all, its that
from what I know, at last look, the virtusertable is only
consulted during final delivery.
Thanks, Tuc
You can do this in the access table. You say you only have 4 users, so
it isn't going to be much work. Otherwise you can install smf-sav to do
the call ahead. I'd probably just do the manual method into the access
table however. We have several mx's to several backends and use
redundant LDAP to do our lookup and routing.
