Re: virtual_alias_maps: rewriting outbound

From: Magnus Bäck (magnusdsek.lth.se)
Date: Sun Jul 02 2006 - 15:22:01 CDT


On Sunday, July 02, 2006 at 22:05 CEST,
     Chris McKeever <techjedigmail.com> wrote:

> I must be missing something from A->C. I just read the above mentioned
> thread.
>
> 1) If a user doesn't exist, you want to notify the sender of this - correct??

Yes. You want to notify the sender by rejecting the message at your
network perimeter. That way the server connecting to your perimeter
becomes responsible for sending the bounce.

> 2) If a spammer sends as someone else to a non-existent user on your
> system (barring IP block or sender verification), you will inevitably
> send a message to the spoofed sender based on 1)

No, not if you reject the message.

> 3) If the server setup rejects mail that isn't destined for a 'relay'
> or local domain, then that stops that component of mail from coming in

Yes.

> 4) If the last piece of the virtual expansion is an LDAP lookup which
> only returns valid users, since anything that is performed (aka
> rewritten) prior to that will recursively get to the LDAP lookup
> doesn't that handle all recipient validation (assuming I understand 1
> above correctly)

You must separate these two cases:

   a) Alias expansion performed by cleanup(8). This is recursive and
      takes place after the message has been accepted.
   b) Recipient address validation performed by smtpd(8). This is NOT
      recursive and takes place during the SMTP conversation in order
      to be able to reject invalid recipients. Address tables are looked
      up a single time, and if that lookup returns a result the address
      is deemed valid.

[...]

--
Magnus Bäck
magnusdsek.lth.se
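
A small model of the two cases separated in the message above, added here as an example; it is not part of the original post and is not Postfix code. The table contents, addresses and function names are constructed, and MAILBOXES stands in for the final LDAP lookup. It lists addresses that pass the single SMTP-time lookup but whose recursive expansion ends at a user that does not exist, so the failure only appears after the message has been accepted.

```python
# Simplified model of the two lookups; not Postfix source code.
# All table contents and addresses below are constructed for illustration.

VIRTUAL_ALIAS = {  # stands in for virtual_alias_maps
    "sales@example.com": ["alice@example.com", "bob@example.com"],
    "info@example.com": ["helpdesk@example.com"],
    "helpdesk@example.com": ["carol@example.com"],  # carol has no mailbox
    "alice@example.com": ["alice@example.com"],     # identity mapping
}
MAILBOXES = {"alice@example.com", "bob@example.com"}  # valid users (final lookup)


def smtpd_accepts(rcpt):
    """Case b): a single, non-recursive lookup; any result means 'valid'."""
    return rcpt in VIRTUAL_ALIAS or rcpt in MAILBOXES


def cleanup_expand(rcpt, _seen=None):
    """Case a): recursive expansion after acceptance; returns final addresses."""
    seen = set() if _seen is None else _seen
    if rcpt in seen:          # alias loop: stop following it
        return set()
    seen.add(rcpt)
    targets = VIRTUAL_ALIAS.get(rcpt)
    if targets is None:       # no alias entry: this is a final address
        return {rcpt}
    finals = set()
    for target in targets:
        if target == rcpt:    # identity entry terminates expansion
            finals.add(rcpt)
        else:
            finals |= cleanup_expand(target, seen)
    return finals


def late_failures(rcpt):
    """Final addresses without a mailbox: undeliverable after acceptance."""
    return sorted(a for a in cleanup_expand(rcpt) if a not in MAILBOXES)


def audit():
    """Accepted at SMTP time, yet expansion ends at a non-existent user."""
    return {r: late_failures(r) for r in sorted(VIRTUAL_ALIAS)
            if smtpd_accepts(r) and late_failures(r)}


if __name__ == "__main__":
    for rcpt, dead in audit().items():
        print(f"{rcpt}: accepted by smtpd, expands to missing {dead}")
```
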