November 29th, 2006

RcptFilter

The backup SMTP server for my public domains are running on a FreeBSD platform (it is a Sendmail daemon). Since its unique function is to relay messages to authoritative Exchange servers, it has no connection with the directory service maintaining information about active mailboxes, therefore it cannot understand if a recipient address of a message is to be managed as a valid address, even if it is sent to one of my public e-mail domains.
Obviously this behavior has always been causing the generation of many NDRs (Non-Delivery Receipts), because of the large amount of messages sent by spammers to invalid SMTP addresses. Furthermore, several NDRs cannot be delivered because also the sender SMTP address is often crafted, so generating a painful message flow and queue growth.

Since I have no time to spend in administering my Unix servers, after I tried to make Sendmail able to lookup the Active Directory at each “rcpt to” submission I took off, because it was a solution too expensive to fit my needs until some days ago, when I found a great message posted by someone who was experiencing the same concerns about the NDR message flow.

The solution is essentially build onto some perl scripts which compose the active recipient list by querying the Active Directory. Then they compile the “access” file needed by sendmail to build the relay control database “access.db”, by reading also the information contained in the “relay-domains” file under the /etc/mail directory.
I had only to write a shell script to unify all the operations (query the LDAP server, build the access and the access.db files, reload Sendmail daemon) and my Sendmail is fnally able to know if the “Rcpt to” field is a fake or valid SMTP address, without any complex MTA code change!