procmail

Re: yet another procmail recipe ID# cd90e6e80610310801h4b0179e7p6a2806b7df582f

2006-11-02 12:14:50
OK, I've been reading this and the letters "MX" keep ringing in my head. As
well as the words "drop as little legitimate mail as possible (hopefully
none)".

This sounds like an MX problem. If you no longer accept mail for this host
all DNS records for that host which point to your mail server should be
expunged or changed to a correct destination.

Once that is done any mail that comes to your server for that host *SHOULD*
be rejected with a 5xx error. Preferably with a custom 5xx error stating
that the MX for that host has changed and the sender should verify that
their caching DNS has updated recently.

This is for two reasons. 

1. You should never accept mail for another destination and throw it away
without also telling either the sender or recipient that you have done so
-- for each and every piece of mail that you throw away, not just by
telling the destination host that you will be throwing away all mail. The
senders of any legitimate email should have some indication that it never
arrived so they can attempt contact by other means.

2. Load on your server. If you turn off the relay and reject with a 5xx
during SMTP negotiation no email is ever transferred. If you want to throw
it away you have to accept the whole email first, however many hundreds or
thousands of megabytes per month that is.

If you just go ahead and 5xx reject them then the REAL email senders will
get the idea eventually. The spammers probably never will but at least you
don't have the load of accepting all their stuff before you toss it.

If this mail was for a named internal host your 5xx error should probably
direct people to a web page explaining that you are no longer using that
mail host and providing an alternate contact form (I'd use a web form
rather than placing an email address directly in the 5xx error to keep the
address from being harvested).

Gerald

On Wed, 01 Nov 2006 22:57:04 +0000 Kanda Nikornpongsin
<thaichili(_at_)hotmail(_dot_)com> wrote:

Hi Matt,

Thanks for your response. So from what I understand, procmail rules process
mail in qmail-queue that is destined for local delivery. I would like to
still have my /etc/tcp.smtp config as below, so that mails are not rejected.

127.:allow,RELAYCLIENT=""
172.26.:allow,RELAYCLIENT=""

But once qmail looks up my rcpthosts and sees it is not for local mail, I
would like it to drop instead of RELAY.

Perhaps, in other words, can I apply a procmail rule to qmail-smtp?

Can I do something like this?

tcpserver -c100 -x/etc/tcp.smtp.cdb 0 smtp /var/qmail/bin/qmail-smtpd '| preline /bin/procmail /etc/procmailrc' /var/qmail/bin/splogger smtpd &

where my /etc/procmailrc is listed as below

VERBOSE=yes
PATH=/bin:/usr/bin:/opt/bin:/usr/local/bin
LOGABSTRACT=all
COMSAT=no
SHELL=/bin/sh
MAILDIR=$HOME/Maildir/
LOGFILE=/tmp/procmail.log

:0
* !^To:.*(mydomain\.com)
* !^Cc:.*(mydomain\.com)
* !^^X-From: mydomain
{
   LOG = "!mydomain"
   :0
   /dev/null
}

thanks again in advance,
Kanda

-------------------------------------------------
Message: 1
Date: Tue, 31 Oct 2006 11:01:12 -0500
From: Matt Dunford <zenmatic(_at_)gmail(_dot_)com>
Subject: Re: yet another procmail recipe
To: Kanda Nikornpongsin <thaichili(_at_)hotmail(_dot_)com>
Cc: procmail(_at_)lists(_dot_)rwth-aachen(_dot_)de
Message-ID: <cd90e6e80610310801h4b0179e7p6a2806b7df582f4(_at_)mail(_dot_)gmail(_dot_)com>
Content-Type: text/plain; format=flowed; charset=ISO-8859-1

On 10/30/06, Kanda Nikornpongsin <thaichili(_at_)hotmail(_dot_)com> wrote:
 > Not sure if this is a qmail or procmail question as I am pretty new to both.
 >
 > I would like to DROP all mails that are NOT sending to "mydomain.com".
 > Originally our /etc/tcp.smtp on the qmail server was set as a "RELAYCLIENT"
 > for a particular internal ip. I removed the "RELAYCLIENT" part and it no longer
 > allows any mail to relay to this host. But the host that sends out e-mails got
 > a bunch of reject messages. I would like to change the behavior a bit so
 > that the mails just get dropped instead of bouncing the messages back?

Hi Kanda,

The best fix for this would be to reconfigure the problem host to use
another relay.  If you don't have access to that server, then you
could block it entirely with a firewall rule.  That would put an end
to any messages on your end and any bounces on theirs.

But if you still want to accept mail from this host, but just drop all
its messages, you'll need to make sure that qmail uses the global
procmail file.  There's a script for this here: /var/qmail/boot/proc.
If that doesn't exist on your system, it's in the source code as
proc.sh.  (Hmmm, I see the latest qmail is 1.03 which came out in 98).

You'll need to copy that script to /var/qmail/rc, I think, and then
restart qmail.  Then you can add all the rules you want to
/etc/procmailrc.  You'll probably want to match the Received: header
and then drop any messages from the problem host.

--
-- Matt Dunford -- zenmatic(_at_)gmail(_dot_)com


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
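
The point made at the top of this thread, that a 5xx at RCPT time stops a message before any data is transferred, can be seen by modelling how the /etc/tcp.smtp rules and qmail's rcpthosts list combine. This is an added example, not part of the original messages and not qmail source code; the client address 172.26.3.9, the rcpthosts content, the recipient addresses and the "relay removed" rule set are constructed for illustration, and the model handles only plain IPv4 prefix rules.

```python
# Added example: simplified model of tcpserver rule lookup plus qmail-smtpd's
# RCPT TO check. Not qmail source; IPv4 rules only, no user@ or =host rules.

PAGE_RULES = '127.:allow,RELAYCLIENT=""\n172.26.:allow,RELAYCLIENT=""'  # from the thread
TIGHT_RULES = '127.:allow,RELAYCLIENT=""\n172.26.:allow'  # constructed: relay removed
RCPTHOSTS = ["mydomain.com"]  # constructed control/rcpthosts content
REJECT = "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

def parse_tcprules(text):
    """Turn 'prefix:allow,VAR="value"' lines into {prefix: (action, env)}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, *assignments = instr.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific match first: full address, then shorter dotted prefixes."""
    parts = ip.split(".")
    for cand in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if cand in rules:
            return rules[cand]
    return ("allow", {})  # no matching rule: connection allowed, no variables set

def rcpt_decision(client_ip, rcpt, rules, rcpthosts=RCPTHOSTS):
    """Reply the client would see to RCPT TO, before any message data is sent."""
    action, env = lookup(rules, client_ip)
    if action == "deny":
        return "refused by tcpserver"
    if "RELAYCLIENT" in env or "@" not in rcpt:
        return "250 ok"  # RELAYCLIENT set (even empty) skips the rcpthosts check
    domain = rcpt.rpartition("@")[2].lower()
    for entry in (e.lower() for e in rcpthosts):
        # exact match, or a leading-dot entry matching any subdomain
        if domain == entry or (entry.startswith(".") and domain.endswith(entry)):
            return "250 ok"
    return REJECT

if __name__ == "__main__":
    for label, text in (("page rules", PAGE_RULES), ("relay removed", TIGHT_RULES)):
        rules = parse_tcprules(text)
        for rcpt in ("user@mydomain.com", "someone@elsewhere.example"):
            print(label, rcpt, "->", rcpt_decision("172.26.3.9", rcpt, rules))
```

With the rules as posted, the internal host can relay to any domain; with RELAYCLIENT removed from its line, mail for mydomain.com is still accepted while everything else gets the 553 during the SMTP dialogue.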