Thanks for your assistance with this thorny issue. I have finally resolved
the problem by utilising the following:
1) I have added to the access map of sendmail all the domains that accept
mail for any user, user@domain for those email accounts that exist and hosts
that are internal to my network which will send mail via these boxes e.g.
2) I then appended to the end of this file reject lines to reject mail to
unknown users e.g.
So now my access map looks like this:
3) I created a relay-domains file and added to that all the domains that I
was going to relay for e.g.
4) restarted sendmail (which rebuilt access.db and allowed sendmail to read
in the relay-domains file)
My mail scanners now accept mail for relay/scanning from my internal hosts
to any address, from external hosts to mail accounts that exist and to any
account at a domain that has a catch all account setup. All other mail is
rejected with either "Access denied" or Mailbox for this user is disabled".
All this was achieved using a shell script to find the domains from the
qmail server (pop host) and parse the .qmail-* files for each domain and
account and build the relevant files. As this is a live service which has
the potential to change this script is run via cron on a regular basis to
catch the changes. Currently on the pop host this takes about 10 mins to run
as it is trawling the filesystem for changes (due to legacy accounts being
manually created outside of out provisioning tools negating the opportunity
to use the database that exists.)
Thanks again for your help and comments, they were and continue to be very
CentOS mailing list