Tuesday, December 23, 2014

Can sendmail be configured to discard routed email that has been rejected by the next hop?



Background:




  1. We have a handful of hosts (running sendmail) acting as the MXs for a few domains each.

  2. Each domain is handled via the sendmail/cf /etc/mail/virtusertable, with a set of known recipients and a catch-all reject rule.

  3. Mail to postmaster on each host is aliased to root, and root is aliased to root+@ourdomain.com.

  4. The MX for ourdomain.com is Google Apps, and root@ourdomain.com is a simple group that forwards to the admins.

  5. Google Apps will reject some emails at the SMTP stage, usually because of illegal attachments (instead of accepting them and filing them as spam).




Problem:



Given a particular spam email sent to a domain in a virtusertable entry:




  1. If the recipient address rejects the mail, then sendmail will try and send a DSN to the sender.

  2. If that sender also rejects the mail (because it's a falsified sender, and the MX for the sender rejects the mail as spam), then sendmail sends a DSN to the postmaster.

  3. The routing detailed above takes place, and...Google Apps rejects the mail as well.


  4. sendmail now gives up with a "savemail panic", and leaves the mail in the queue forever.

  5. Our mail queue fills up with garbage.



Is there any way I can get sendmail to discard messages that have been rejected by the next virtusertable hop (i.e. after step 1 in the Problem description)? Or does anyone have any other solutions to this?


Answer



In the end we gave up on fixing this at the sendmail end, bit the bullet, opened our wallets and paid for Google Apps Premium, which allowed us to tell GA to accept all emails from the servers acting as MXs.
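The failure chain described in the question (rejected delivery, DSN to the forged sender, postmaster notification, savemail panic) can be followed in the mail log to find which inbound message and relay produced each stuck queue entry. This is an added example, not part of the original post: the log lines are constructed, their layout is an assumption modelled on typical sendmail syslog output, and `trace_panics` is a hypothetical helper.

```python
import re

# Constructed sample lines (assumed layout, modelled on typical sendmail syslog output).
SAMPLE_LOG = """\
Dec 23 10:00:01 mx1 sendmail[2101]: sBNA01aa002101: from=<spam@forged.example>, size=48213, nrcpts=1, relay=unknown [192.0.2.10]
Dec 23 10:00:03 mx1 sendmail[2103]: sBNA01aa002101: to=<user@hosted.example>, relay=next-hop.example., dsn=5.0.0, stat=Service unavailable
Dec 23 10:00:03 mx1 sendmail[2103]: sBNA01aa002101: sBNA03ab002103: DSN: Service unavailable
Dec 23 10:00:05 mx1 sendmail[2103]: sBNA03ab002103: to=<spam@forged.example>, relay=mx.forged.example., dsn=5.0.0, stat=Service unavailable
Dec 23 10:00:05 mx1 sendmail[2103]: sBNA03ab002103: sBNA05ac002103: postmaster notify: Service unavailable
Dec 23 10:00:07 mx1 sendmail[2103]: sBNA05ac002103: to=root+@ourdomain.com, relay=mx.placeholder.example., dsn=5.0.0, stat=Service unavailable
Dec 23 10:00:07 mx1 sendmail[2103]: sBNA05ac002103: Losing ./qfsBNA05ac002103: savemail panic
Dec 23 10:01:00 mx1 sendmail[2200]: sBNA10ad002200: from=<alice@good.example>, size=1200, nrcpts=1, relay=mail.good.example [198.51.100.5]
Dec 23 10:01:02 mx1 sendmail[2201]: sBNA10ad002200: to=<user@hosted.example>, relay=next-hop.example., dsn=2.0.0, stat=Sent (OK)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
# "<parent qid>: <child qid>: DSN: ..." links a bounce to the message that caused it.
CHILD = re.compile(r"^(?P<child>\w+): (?P<kind>DSN|postmaster notify|return to sender): ")
FROM = re.compile(r"^from=<?(?P<addr>[^>,]*)>?,.*relay=(?P<relay>.*)$")

def trace_panics(log_text):
    """Return one dict per 'savemail panic', traced back to the original message."""
    parent, sender, panicked = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if (c := CHILD.match(rest)):
            parent[c["child"]] = (qid, c["kind"])
        elif (f := FROM.match(rest)):
            sender[qid] = (f["addr"], f["relay"])
        elif "savemail panic" in rest:
            panicked.append(qid)
    report = []
    for qid in panicked:
        chain, cur = [], qid
        while cur in parent:          # walk bounce -> message that triggered it
            cur, kind = parent[cur]
            chain.append(kind)
        addr, relay = sender.get(cur, ("?", "?"))
        report.append({"stuck": qid, "origin": cur, "sender": addr,
                       "relay": relay, "chain": chain[::-1]})
    return report

if __name__ == "__main__":
    for entry in trace_panics(SAMPLE_LOG):
        print(entry)
```

Grouping the report by `relay` or `sender` shows which inbound sources account for the stuck queue entries.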

