SUMMARY: Immortal Email

From: Gano, Dag <dgano_at_ss.ca.gov>
Date: Thu, 15 Jan 1998 15:29:06 -0800

Problem: Mail message to invalid user bouncing forever between the web
server and the mail server.

Solution: Add the web server (wwwhost.subdomain.domain) to
/etc/sendmail.cw (this didn't exist - created it) and add
"Fw/etc/sendmail.cw" to /var/adm/sendmail/sendmail.cf and restart
sendmail.

Thanks to pavel_at_cssip.edu.au for helping me out of a truly frustrating
bind, as well as to others who gave it a good shot. Thanks!

The text of the original plea for help follows:


> -----Original Message-----
> From: Gano, Dag
> Sent: Thursday, January 15, 1998 11:52 AM
> To: 'alpha-osf-managers_at_ornl.gov'
> Subject: Immortal Email
>
> We have an email message that can't find a home:
>
> Our web server is run at a remote location. Sendmail on the web server
> is configured as a simple client - all mail is forwarded to the mail
> server at our main location.
>
> Recently, someone sent mail to a non-existent account on the web
> server. In other words, instead of sending it to
> Someone_at_subdomain.domain, they sent it to
> Someone_at_wwwhost.subdomain.domain. We discovered yesterday that the
> message has been bouncing back and forth between the web server and
> the mail server for almost a week now (yeah, yeah... ha-ha :-). We
> have been unable to find a graceful way to get the evil message out of
> the system. Apparently the web server says, "I forward all mail over
> there" and does, and then the mail server says, "Oh - this goes over
> there" and sends it back.
>
> In an attempt to get the message delivered somewhere - anywhere - and
> stop the insanity, I added myself and the non-existent account name to
> /var/adm/sendmail/local.users, I added an alias entry
> (evilname:myname) to /var/adm/sendmail/aliases, and restarted
> sendmail. According to the man pages and comments in the files, mail
> addressed to the names in /var/adm/sendmail/local.users should be
> delivered on the local machine rather than being forwarded to the mail
> server. Numerous attempts with slightly different entries accomplished
> nothing.
>
> While this isn't really hurting anything at the moment, it's creating
> a lot of TCP connections (it appears the original message may have
> been sent multiple times), and
> /var/adm/syslog.dated/??-Jan-??:??/mail.log is REALLY big.
>
> It seems the local.user solution should work. Any ideas why it
> doesn't?
>
> It also seems this is an ongoing vulnerability with our current
> configuration. What's the long-term solution?
>
> Thank you all very much for any help you may be able to provide.
>
> -- Dag Gano
> California Secretary of State - Webmaster
> dgano_at_ss.ca.gov
> http://www.ss.ca.gov
>
Received on Fri Jan 16 1998 - 00:23:18 NZDT
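
The fix described in the summary, as an added example that is not part of the original post: a POSIX shell function that applies both edits idempotently, so the host name and the "Fw" line are each added only once. The function name `add_local_host` and the `.bak` backup are assumptions; the paths default to those given in the post, and restarting sendmail is left to the operator.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists a host in the class-w file and makes sendmail.cf load that file,
# without duplicating either entry when run again.

add_local_host() {
    host=$1
    cw=${2:-/etc/sendmail.cw}                # class-w file named in the post
    cf=${3:-/var/adm/sendmail/sendmail.cf}   # config path named in the post
    fw_line="Fw$cw"                          # "Fw/etc/sendmail.cw" by default

    [ -n "$host" ] || { echo "usage: add_local_host host [cw] [cf]" >&2; return 2; }
    [ -f "$cf" ]   || { echo "missing config: $cf" >&2; return 1; }

    # The post notes the class file did not exist; create it if absent.
    [ -f "$cw" ] || : > "$cw" || return 1

    # Add the host only if no line already matches it exactly
    # (case-insensitive, since host names are).
    if ! grep -qixF -- "$host" "$cw"; then
        printf '%s\n' "$host" >> "$cw" || return 1
    fi

    # Add the Fw line only if this exact line is not present.
    # A variant spelling such as "Fw /etc/sendmail.cw" is not detected;
    # check the file by hand if it has been edited before.
    if ! grep -qxF -- "$fw_line" "$cf"; then
        cp -p "$cf" "$cf.bak" || return 1    # keep the previous config
        printf '%s\n' "$fw_line" >> "$cf" || return 1
    fi
}

# Example call with the host name used in the post (run as root, then
# restart sendmail):
#   add_local_host wwwhost.subdomain.domain
```

Passing explicit second and third arguments lets the function be tried on copies of the two files before touching the live configuration.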
