Lorenzo Perone writes:

Hello,

I'm asking here if someone has a strategy suggestion for the following
scenario:

I'm using courier as the main SMTP server, and another host running
Sendmail as a Backup. The backup MX doesn't know about which accounts
exist on the courier  MySQL DB, and never will; thus it has to accept
all the mail for the specified domains. MX. So far, so good.

What happens is that when someone (mainly spammers, who are always the
most informed about mta shortcomings ;)) uses the backup MX for sending
to non-existent accounts, the backup MX accepts them, and routes them to
the courier server, who rejects them. Especially in case of invalid
envelope Senders, the Backup MX postmaster gets spammed with non-delivery
messages.

Is there anything I can do to avoid this on the _courier_ side? Ideally,
courier would trash messages to invalid recipients originated by the
backup MX, leaving the backup MX in peace.

I presume it will be difficult to accomplish, but maybe someone here
has dealt with such an issue already and has a smart idea to share...

For example, suppose that you're providing backup MX for domain.com.

Make arrangements with the domain's owner to install an internal hostname
alias, such as “internal.domain.com”, or “forward.domain.com”.  The primary
mail server should be programmed so that any mail received for
[EMAIL PROTECTED] gets delivered to [EMAIL PROTECTED]'s mailbox. The
hostname “internal.domain.com” doesn't even have to be in DNS, it just needs
to be recognized by the mail server as a local domain.

On your Courier server, replace “domain.com” with “internal.domain.com” in
esmtpacceptmailfor, and also “internal.domain.com: [ip.address]” in
esmtproutes.  If “internal.domain.com” hostname has a public A record,
esmtproutes does not need to be set up.

Then, create a simple alias file:

[EMAIL PROTECTED]: [EMAIL PROTECTED]
[EMAIL PROTECTED]: [EMAIL PROTECTED]
...

And so on.  Now, Courier will accept mail only for the listed mailboxes and
forward it, everything else will be rejected.

If you're handy with scripting you may even automate it by allowing the
primary domain's owner to update the alias file by scp-ing it over, and
re-running “makealiases”.

The alias file may even be kept in LDAP, in which case you're out of the
loop completely.  Your own duty would be to set up courierldapaliasd to
query the primary domain's LDAP server, and the primary domain is completely
responsible for maintaining his own alias table.


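The scp-and-makealiases automation suggested in the reply above means the backup MX installs an alias file written by someone else, so it is worth checking that file before it goes live. The following is an added example, not part of the original message or of Courier: the domain names, the same-mailbox rule and the function names are assumptions chosen for illustration.

```python
import re

# Assumed names: the public domain and the internal alias hostname from the reply.
PUBLIC_DOMAIN = "domain.com"
INTERNAL_DOMAIN = "internal.domain.com"
# Conservative local part: no quoting, whitespace, commas, pipes or slashes.
LOCAL_PART = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]{0,63}$")

# Constructed sample upload (not real data).
SAMPLE = """alice@domain.com: alice@internal.domain.com
Bob@Domain.com: bob@internal.domain.com
carol@domain.com: carol@elsewhere.example
dave@domain.com: |/usr/bin/procmail
eve@other.example: eve@internal.domain.com
alice@domain.com: alice@internal.domain.com
mallory@domain.com: root@internal.domain.com
"""

def _split_addr(addr):
    """Return (local, domain) lower-cased, or None if not a plain local@domain."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not LOCAL_PART.match(local):
        return None
    return local.lower(), domain.lower()

def validate_alias_file(text):
    """Return (clean_lines, errors) for an uploaded alias file.

    Assumed policy: each line maps user@PUBLIC_DOMAIN to the same
    user@INTERNAL_DOMAIN. Anything else (other domains, program or include
    targets, address lists) is reported instead of being installed.
    """
    clean, errors, seen = [], [], set()
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and # lines are skipped, not copied
        left, sep, right = line.partition(":")
        src, dst = _split_addr(left), _split_addr(right)
        if not sep or src is None or dst is None:
            errors.append((num, "not 'address: address'"))
        elif src[1] != PUBLIC_DOMAIN or dst[1] != INTERNAL_DOMAIN:
            errors.append((num, "domain not allowed"))
        elif src[0] != dst[0]:
            errors.append((num, "target mailbox differs from alias"))
        elif src[0] in seen:
            errors.append((num, "duplicate alias"))
        else:
            seen.add(src[0])
            clean.append(f"{src[0]}@{PUBLIC_DOMAIN}: {dst[0]}@{INTERNAL_DOMAIN}")
    return clean, errors
```

A wrapper would write `clean` to the alias file and re-run makealiases only when `errors` is empty, leaving the previous alias table in place otherwise.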