Sendmail backup mx relay

I have used sendmail for a number of years. We use it on our main mail server and on our backup mx servers.

Up until recently we simply allowed the backup mx servers to relay all mail to the domains they serve. Unfortunately spammers tend to target backup mx servers in the belief they are less well protected.

One side effect of this is that you end up accepting mail for lots of invalid addresses. That not only results in more spam (as the spammer thinks the address is valid), it also means you end up trying to send non-delivery receipts to some random reply address when the backup mx tries to deliver the mail to the main server and is refused because the address doesn’t exist.

I finally worked out that there is a nice feature in sendmail to relay only for certain addresses, thus refusing all the other junk and preventing the erroneous non-delivery receipts.

By default we used to add the following to our access database:

TO:iwayvietnam.com RELAY

which simply means relay all email addressed to the domain iwayvietnam.com.

It is possible to be more selective, but first you have to add the following to your sendmail configuration (sendmail.mc). I suggest you save a copy of sendmail.cf first for later comparison.

dnl #
dnl #Use access db with undocumented feature
dnl #
define(`_RELAY_FULL_ADDR_', `1')

Then do a make. Compare your new sendmail.cf with your old one just to ensure you’ve not lost anything.

You can now list individual email addresses in the TO field rather than just the domain.

It means you have to remember to update your backup mx servers whenever you add or remove an email account but that is a small price to pay for the empty mail queues. I guess you could easily automate it.

Don’t forget to rebuild your access database once you’ve edited the text file.

# makemap hash /etc/mail/access.db < /etc/mail/access
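
The automation mentioned above could look like the following. This is an added example, not part of the original post: the function name gen_relay_entries and the mailbox names in the sample are made up for illustration. It turns a list of valid addresses into access entries in the TO: format used above and refuses bare domains, which would quietly bring back relaying for every address in the domain.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: gen_relay_entries DOMAIN < address-list
# Prints one "TO:user@DOMAIN RELAY" access line per valid mailbox on stdin.
gen_relay_entries() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    # Lower-case everything so duplicates compare equal; drop stray CRs.
    tr '[:upper:]' '[:lower:]' | tr -d '\r' |
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments and surrounding whitespace.
        addr=$(printf '%s\n' "$line" |
            sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -n "$addr" ] || continue
        case "$addr" in
            *[!a-z0-9._+@-]*|*@*@*)
                echo "rejected (malformed): $addr" >&2 ;;
            ?*@"$domain")
                printf 'TO:%s\tRELAY\n' "$addr" ;;
            *)
                # Bare domains and other domains land here. A bare domain
                # would re-enable relaying for every address in it.
                echo "rejected (not a mailbox in $domain): $addr" >&2 ;;
        esac
    done | sort -u
}

# Constructed sample input: two mailboxes, a duplicate, a bare domain
# and an address in a domain this server does not back up.
sample_list() {
    cat <<'EOF'
# mailboxes that exist on the main server
Alice@iwayvietnam.com
bob@iwayvietnam.com
bob@iwayvietnam.com
iwayvietnam.com
carol@example.net
EOF
}

sample_list | gen_relay_entries iwayvietnam.com
```

Review the rejected lines printed on stderr before merging the output into the access text file, then rebuild the database as shown above.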

PS. I also set DoubleBounceAddress to nothing (O DoubleBounceAddress=) to get rid of all those non delivery receipts of non delivery receipts!