This can be a complex issue in the end, but its a simple enough question.
First some background:
Ever run a courier server (of course!), and have SMTP off for anyone not authorized in the accept domains list (of course as well!), and yet still get HUNDREDS of spammers ~trying~ to use your server for relay?
You can do whatever you want to do, but you will always have attempted relay runs. The only remaining issue is whether your mail server is an open relay, or not.
I have, and am. Our email server had a nasty hiccup in DNS for a day, and the backlog got so massive that its taken 24 hours for it to clear out.
Watching the screen race by under "tail -f /var/log/maillog", I notice a crudload of deferrers and access denies for all sorts of junk mail accounts
Your impression is incorrect. If the connecting E-mail client is trying to relay without authorization, the attempt is rejected with a permanent "Relaying denied" error code, which is a permanent failure, and not a deferral. Of course, nothing stops the spamware from trying again, on the unlikely chance that it will succeed the next time.
that do not exist on our servers, or any of our clients. Its quite crazy really. The one that gets me is the 50 lines that shoot through ever few minutes to "[EMAIL PROTECTED]". ?!
Anyhow... I've come to the conclusion that I want to squelch all this outgoing deferrals.
So the big question to ask:
Is this possible?
What exactly is possible? Projecting a mind ray-beam that prohibits spammers from even trying to relay through your mail server? I wish that it was possible. Unfortunately, the only thing anyone can do is to refuse unauthorized relaying attempts, and in the extreme cases firewall the offenders' IP addresses at the router.
I wish to have courier simply "throw out" anything that it would normally not deliver or relay.
There's nothing to throw out. An unauthorized relay attempt is rejected, and that's the end of the story.
All our clients know how to use our server, and an error is just more traffic on the internet to bounce around.
I'm not so much concerned on the actual "Failure" notices that go out, but rather all the deferrals.
There are no deferrals, and there are no "failure notices", when it comes to unauthorized relaying attempts. Unauthorized relay attempts are rejected up front. What are you talking about?
Those tend to just pile up, because they keep coming back until so many deferrals have been reached that it sends a Failure. Quite annoying.
Scenario: spammer sends mail out trying to use your machine, machine goes WTF NO! and instead deffers the message,
No, it doesn't. It rejects the message, as an unauthorized relay attempt.
From this point on your alleged scenario becomes incomprehensible. Whateveryou think is happening, is not.
Rather than offering your intepretation on what's going on with your machine, a much better idea is to actually post the mail logs in question.
pgp00000.pgp
Description: PGP signature
