A qmail server will normally accept email for any box part recipient address for a host that exists in control/rcpthosts.
One can go a step further and validate the box part by patching or replacing qmail-smtpd.
Attempts to queue bogus messages during the initial SMTP conversation are therefore rejected.
Messages to non existent recipients are not accepted.
Also, joe job bounces to forged recipients aren't accepted, stopping them from becoming double bounces.
This will prevent using yet more CPU, I/O and bandwidth processing bounce messages later.
Here are several options, ordered as to how far a qmail server will be penetrated, until the attempt is rejected or the message discarded:
An alphabetically ordered list of patches and qmail-smtpd replacements that reject attempts to queue bogus messages.
Unpatched qmail only uses stdio.h in dns.c.
Mark's goodrcptto diff causes a file to be checked for valid recipient addresses.
My goodrcptto patch causes a file and or cdb to be checked for valid recipient addresses:
Features include fast cdb address verification, logging, dictionary attack prevention, protected public addresses, and man page documentation.
LinuxMagic's LinuxMagic package replaces qmail-smtpd with it's own mail server protocol front end.
Bruce Guenter's mailfront package replaces qmail-smtpd with it's own mail server protocol front end.
Andre Oppermann's qmail-ldap patch causes a database to be checked for valid recipient addresses.
Paul Jarc's qmail-realrcptto patch adds qmail-[send|lspawn|getpw|local] logic into qmail-[smtpd|qmtpd] to determine real recipient addresses.
Jay Soffian's qmail-smtpd patch causes a program to check for valid recipient addresses.
Andrew Richards's qmail-verify patch creates a new qmail-verify daemon that is used by qmail-smtpd to determine if addresses are valid.
Seacon's qmuser patch causes a database to be checked for valid recipient addresses, uses stdio.h.
Dr. Erwin Hoffmann's RECIPIENTS extension patch causes cdbs to be checked for valid recipient addresses.
Amitai Schleier's rejectutils patch adds several standalone programs for selectively rejecting messages.
Oliver Neubauer's validrcptto patch causes a file to be checked for valid recipient addresses.
John M. Simpson's validrcptto.cdb patch causes a cdb to be checked for valid recipient addresses.
qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local
Not needed if recipient checking in previous section has been implemented.
Markus Stumpf says that a badrcptto patch and setlock can be used to bounce bad recipient messages the first time, and reject them subsequent times during the initial SMTP conversation.
Ward Vandewege's badrcptto logging and non logging patches cause a file to be checked for invalid recipient addresses.
# cat >~alias/.qmail-default <<EOF
? |/command/setlock -x /var/qmail/control/badrcptto sh -c "echo \$RECIPIENT \
? >>/var/qmail/control/badrcptto" && echo 'No such user here.' && exit 100
This discards messages to non existent recipients, and joe job bounces to forged recipients, before becoming a double bounce;
# echo # >~alias/.qmail-default
Russell Nelson's doublebounce-trim patch causes bounces to be discarded before reaching the queue again as a double bounce;
# rm ~alias/.qmail-default
# echo >/var/qmail/control/doublebounceto
qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local
This discards double bounces;
# rm ~alias/.qmail-default
# echo discard >/var/qmail/control/doublebounceto
# echo # >~alias/.qmail-discard