SUMMARY: "Yo, dummy sendmail! Go over there!"

From: Jochen Bern (bern@penthesilea.Uni-Trier.DE)
Date: Tue Jun 07 1994 - 04:56:42 CDT

Original Question:
> This Problem is rather for your Leisure Time ...
> I'm setting up a dedicated Fileserver (under 4.1.3_U1 and NIS). [...]
> What I would like to have is that if some braindead sendmail connects
> the sendmail on the Fileserver, the latter tells it to disconnect and
> reconnect to our Mailhost, but I'm afraid that that ain't expressable
> in SMTP. :-C
> So far, I can imagine three Possibilities:
> 1) Run no sendmail at all. The dummy sendmail will get "Service denied"
> and bounce the Mail either immediately or after three Days. However,
> the Sender doesn't get any Info as to WHY his Mail wasn't accepted.
> 2) Run sendmail and disallow all Users. Same Thing as above, only with
> "User unknown" instead of "Service denied".
> 3) Run sendmail and allow Mails to go through the Fileserver. Not good.
> Since the Users and their Home Dirs are known, People might set up
> a .forward to a Pipe; Either I disable this, breaking vacation et. al.,
> or I allow it, which allows our Users to start an xterm or somesuch
> on our Fileserver.
> So, what is the kosher Way to politely saying "no Mail to *this* Host"?

A Lot of interesting Info came back on this one!

1) Most Respondents told me that enabling the OR Option - a SunOSism -
   would actually do what I want. Shame on me, I didn't know this, all
   my Clients are running with this Option, which is included in the
   standard However, I have received a List of
   12 (now, after some Tests of mine, 13 :-C ) Reasons why not to use
   this Option. To say it very short: It's heavily broken. sendmail 8
   has a quite similar Option, NULLCLIENT; no Bug Reports on this one.

2) The next best Option is to create a "no local Processing, forward
   ALL" without the OR Option. This can be done quite reliably
   (by not having sendmail *know* any other Mailers than tcpld in the
   first Place). I was sent a proven on a Variety of Plat-
   forms, currently run it on the Fileserver, but not somewhere it would
   be tested thoroughly yet. I'll most probably drop that one into all
   our Clients.

3) To specifically inhibit funny Things being done with Mail to Pipes,
   there is smrsh (sendmail restricted Shell) available to drop into instead of /bin/sh.

4) Others pointed out that having Aliases will do the Trick, bypassing
   any .forward a User could set up. Nice Idea, but I'm not fond of
   keeping the Aliases List up to Date.

5) Yet others told me that if someone configured an Internet Site such
   that it doesn't honor MX Records (which I assumed to be set correctly),
   then Bounces is all they deserve, hence no Need for a running sendmail.
   Possible Problem: Mail generated by non-interactive Programs, e.g.
   cron Jobs.

6) An interesting Sidenote: PC-NFS does some *very* sloppy checking of
   valid Login Shells. Instead of looking up /etc/shells correctly, it
   assumes that anything ending in "sh" is a valid Shell. Look out for
   this if you want to dis/enable User Access by having /etc/passwd contain
   "+::::::/funnyshell" or somesuch.

7) Last not least I was wrong in assuming that SMTP wouldn't provide
   Support for this Kind of Negotiation! RFC 821 contains:
        251 User not local; will forward to <forward-path>
        551 User not local; please try <forward-path>
   Now, does anyone have an Idea as to how many Implementations support
   getting this Kind of Reply without freaking out on it? Doing a strings
   /usr/lib/sendmail shows me a Lot of Error Msgs, including 550 User
   unknown and 550 Host unknown, but none of the two above ...

Thanks to:
   Tom Reingold
   Mario Dupuis
   Ian MacPhedran
   Peter Allan
   Pom Bajar
   Fuat C. Baran
   Claus Assmann
   A. Bryan Curnutt <bryan@Stoner.COM>
   Gregory Bond
   Barry Margolin <barmar@Think.COM>
   Per Hedeland (Maintainer of the Anti-OR List)
   Jason Jonas
   Ray Schnitzler
   Hal Stern <stern@sunrise.East.Sun.COM> (did NOT mention OR ;-)

                                                                        J. Bern

__/\_____________________________________________   ___________________________
 /  \                                            \ /                        /\
/ J. \ EMail: bern@[TI.]Uni-Trier.DE / ham: DD0KZ X  More Infos on me from /  \
\Bern/ X.400: <---- temporarily disabled ---->   / \  the X.500 Directory; \  /
 \  /  P. O. Box 1203, 54202 Trier, Germany     /   \  Pub Keys via finger  \/
__\/___________________________________________/ EOF \_________________________
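
The two RFC 821 replies quoted in item 7, seen from the sending side, as an added example that is not part of the original post: Python that collapses a possibly multi-line SMTP reply to RCPT TO and classifies 251 and 551 without treating them as unknown codes. The function names, action labels and the `mailhost.example` addresses are assumptions made for illustration.

```python
import re

# Forward-path as it appears in the RFC 821 reply text: "<user@host>".
_PATH = re.compile(r"<([^<>\s]+)>")

def parse_reply(lines):
    """Collapse a (possibly multi-line) SMTP reply into (code, text).

    Continuation lines use "NNN-text"; the final line uses "NNN text".
    """
    code, parts = None, []
    for line in lines:
        m = re.fullmatch(r"(\d{3})(?:([ -])(.*))?", line.rstrip("\r\n"))
        if not m or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        code = m.group(1)
        parts.append(m.group(3) or "")
        if m.group(2) != "-":          # space or bare code ends the reply
            break
    if code is None:
        raise ValueError("empty SMTP reply")
    return int(code), " ".join(parts)

def classify_rcpt_reply(lines):
    """Return (action, forward_path) for a reply to RCPT TO."""
    code, text = parse_reply(lines)
    m = _PATH.search(text)
    path = m.group(1) if m else None
    if code == 251:
        return ("accepted-forwarded", path)   # server relays the mail itself
    if code == 551:
        # Not accepted here. Without a usable path it is a plain rejection.
        return ("rejected-try-elsewhere", path) if path else ("rejected", None)
    if 200 <= code < 300:
        return ("accepted", None)
    if 400 <= code < 500:
        return ("retry-later", None)
    if 500 <= code < 600:
        return ("rejected", None)
    raise ValueError(f"unexpected reply code {code}")

# Constructed sample replies (addresses are placeholders, not from the post).
SAMPLES = {
    "251": ["251 User not local; will forward to <user@mailhost.example>"],
    "551": ["551-User not local;", "551 please try <user@mailhost.example>"],
    "550": ["550 User unknown"],
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, classify_rcpt_reply(reply))
```

The classifier only reports the suggested forward-path; whether to resend there or return it to the sender in a bounce is left to the caller.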
