When sendmail receives email via SMTP, it
gathers its list of envelope recipients from the RCPT TO: command. In
that command, two envelope recipients might be specified (and
acknowledged) like this:
250 2.1.5 <userA@your.host.domain>... Recipient OK
250 2.1.5 <userB@your.host.domain>... Recipient OK
Here, each RCPT TO: line tells sendmail to
deliver a copy of the message to each recipient specified in that
line. Each shows the local sendmail
acknowledging each recipient.
One method of spamming is to list thousands of recipients for each
messagethat is, to specify thousands of RCPT TO: commands,
causing sendmail to deliver a copy of the
message to thousands of recipients. As an antispam measure, V8.10
sendmail introduced an option to limit the
number of recipients that can be specified for a given envelope.
Called MaxRecipientsPerMessage, that option is
used like this:
O MaxRecipientsPerMessage=limit configuration file (V8.10 and later)
-OMaxRecipientsPerMessage=limit command line (V8.10 and later)
define(`confMAX_RCPTS_PER_MESSAGE', `limit') mc configuration (V8.10 and later)
The limit tells sendmail the
maximum number of recipients it will accept for the current envelope.
Any that are specified beyond this limit cause
sendmail to acknowledge with this message:
452 4.5.3 Too many recipients
A 452 SMTP acknowledgment tells the sending machine to defer delivery
to this recipient until later. This won't hurt
legitimate sites because it delays delivery only until the next queue
run. Spam sites, however, will be discouraged because they count on
having thousands of recipients accepted at once.
The default for limit is zero. If specified as
zero or as a negative value, no limit is imposed.
The MaxRecipientsPerMessage option is safe. Even
if it is specified from the command line,
sendmail retains its special privileges.