We have an email message that can't find a home:

Our web server is run at a remote location. Sendmail on the web server
is configured as a simple client - all mail is forwarded to the mail
server at our main location.

Recently, someone sent mail to a non-existent account on the web server.
In other words, instead of sending it to Someone_at_subdomain.domain, they
sent it to Someone_at_wwwhost.subdomain.domain. We discovered yesterday
that the message has been bouncing back and forth between the web server
and the mail server for almost a week now (yeah, yeah... ha-ha :-). We
have been unable to find a graceful way to get the evil message out of
the system. Apparently the web server says, "I forward all mail over
there" and does, and then the mail server says, "Oh - this goes over
there" and sends it back.

In an attempt to get the message delivered somewhere - anywhere - and
stop the insanity, I added myself and the non-existent account name to
/var/adm/sendmail/local.users, I added an alias entry (evilname:myname)
to /var/adm/sendmail/aliases, and restarted sendmail. According to the
man pages and comments in the files, mail addressed to the names in
/var/adm/sendmail/local.users should be delivered on the local machine
rather than being forwarded to the mail server. Numerous attempts with
slightly different entries accomplished nothing.

While this isn't really hurting anything at the moment, it's creating a
lot of TCP connections (it appears the original message may have been
sent multiple times), and /var/adm/syslog.dated/??-Jan-??:??/mail.log is
REALLY big.

It seems the local.user solution should work. Any ideas why it doesn't?
It also seems this is an ongoing vulnerability with our current
configuration. What's the long-term solution?

Thank you all very much for any help you may be able to provide.

-- Dag Gano
California Secretary of State - Webmaster
dgano_at_ss.ca.gov
http://www.ss.ca.gov
Received on Thu Jan 15 1998 - 20:46:31 NZDT
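
The loop described in the post can be spotted in a mail log by counting how often one Message-ID is accepted under a new queue ID. The following is an added example, not part of the original post; it assumes sendmail 8-style syslog lines, and the log lines, message IDs, addresses and the `mailhost` name are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, assuming sendmail 8-style syslog lines on the web server.
SAMPLE_LOG = """\
Jan 14 09:00:01 wwwhost sendmail[411]: JAA00411: from=<sender@example.org>, size=912, class=0, pri=30912, nrcpts=1, msgid=<loop-1@example.org>, proto=ESMTP, relay=mailhost.subdomain.domain [192.0.2.10]
Jan 14 09:00:02 wwwhost sendmail[412]: JAA00411: to=<someone@wwwhost.subdomain.domain>, delay=00:00:01, mailer=relay, relay=mailhost.subdomain.domain [192.0.2.10], stat=Sent
Jan 14 09:00:05 wwwhost sendmail[420]: JAA00420: from=<sender@example.org>, size=1104, class=0, pri=31104, nrcpts=1, msgid=<loop-1@example.org>, proto=ESMTP, relay=mailhost.subdomain.domain [192.0.2.10]
Jan 14 09:00:09 wwwhost sendmail[433]: JAA00433: from=<sender@example.org>, size=1296, class=0, pri=31296, nrcpts=1, msgid=<loop-1@example.org>, proto=ESMTP, relay=mailhost.subdomain.domain [192.0.2.10]
Jan 14 09:00:13 wwwhost sendmail[447]: JAA00447: from=<sender@example.org>, size=1488, class=0, pri=31488, nrcpts=1, msgid=<loop-1@example.org>, proto=ESMTP, relay=mailhost.subdomain.domain [192.0.2.10]
Jan 14 09:01:00 wwwhost sendmail[450]: JAA00450: from=<www@wwwhost.subdomain.domain>, size=300, class=0, pri=30300, nrcpts=1, msgid=<ok-1@wwwhost.subdomain.domain>, relay=www@localhost
"""

# Only "from=" lines record a reception; "to=" lines are delivery attempts.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=.*?size=(?P<size>\d+)"
    r".*?msgid=(?P<msgid><[^>]*>).*?relay=(?P<relay>[^\s,]+)"
)


def find_loops(log_text, threshold=3):
    """Return messages accepted under `threshold` or more distinct queue IDs.

    A looping message keeps its Message-ID but gets a new queue ID on every
    pass, and grows as each hop prepends another Received: header.
    """
    seen = defaultdict(lambda: {"qids": {}, "relays": set()})
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        entry = seen[m["msgid"]]
        entry["qids"][m["qid"]] = int(m["size"])  # insertion order = log order
        entry["relays"].add(m["relay"])
    return {
        msgid: {
            "receptions": len(e["qids"]),
            "sizes": list(e["qids"].values()),
            "relays": sorted(e["relays"]),
        }
        for msgid, e in seen.items()
        if len(e["qids"]) >= threshold
    }


if __name__ == "__main__":
    for msgid, info in find_loops(SAMPLE_LOG).items():
        print(msgid, info)
```

The Message-ID it reports can be matched against the queue listing from `mailq` to identify the queued copy on each host.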