Tim Litwiller <[EMAIL PROTECTED]> said:
> Darrell, after your fix could you try a setting a machine to send > undeliverables to the admin and see if that works. Hi Tim. This is the exact beast we are trying to prevent from running wild. Here is what currently happens: '60AllowLocalDomains' is set to allow any e-mail through the system as long as the domain name matches any of your local domains. This unfortunately accepts mail to unknown/invalid e-mail addresses and forwards these messages through your system for processing. A very bad practice as for every unknown/invalid address this mean the message will process through your virus scanner, qmail, admin mailbox, procmail, spam filter etcetera generating cpu usage as qmail issues an error report, sends the bounce message and then the 'the bounce bounced' messages just start to pile in. Multiply this by one report where the admin was seeing 5-10 messages per minute and you see what a nightmare this becomes. This admin returned after holidays to > 8000 'the bounce bounced' messages. Then consider that this admin pays for Internet traffic! I have rewrote the 60AllowLocalDomains changing the logic, stated in plain English from, check for valid '*@domain' - to - check for valid 'user@domain' If the message is for a known/valid user@domain, (the one's we care about) but for whatever reason is undeliverable, (userquota reached, damaged mailbox) the normal qmail process will take place. However, if the message is for an unknown/invalid user@domain (the one's we don't care about) it is dropped at the smtp connection and not sent for processing through the system. The sender receives the standard smtpd_check_rules error reply generated from the existing '99NotoCatchAll' fragment. Qmail does not get involved. Admin mailbox does not explode with unnecessary error and the bounce bounced reports. In addition, as an admin, you may always review your maillog (at your convenience) to view the unknown/invalid user@domain message traffic being dropped. Hope this helps to more clearly explain. If I may request, I would ask everyone please take a look at my contrib rpm and become aquainted with your smtpd_check_rules. My rpm installs only one file (60AllowLocalDomains) into templates-custom. Issuing a signal-event email-update is all that is required to expand the template and test this new fragment. Very safe to test. Very easy to remove and return to the original fragment. I have this 'live' on my production server and a few clients that had an immediate need for a fix. We are all reporting positive results. However if _anyone_ has a better idea, I'm always ready to listen and learn. Regards, -- Darrell May DMC Netsourced.com http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
