Recipient checking

box@host

A qmail server will normally accept email for any box part recipient address for a host that exists in control/rcpthosts.
One can go a step further and validate the box part by patching or replacing qmail-smtpd.
Attempts to queue bogus messages during the initial SMTP conversation are therefore rejected.
Messages to non existent recipients are not accepted.
Also, joe job bounces to forged recipients aren't accepted, stopping them from becoming double bounces.
This will prevent using yet more CPU, I/O and bandwidth processing bounce messages later.
Here are several options, ordered as to how far a qmail server will be penetrated, until the attempt is rejected or the message discarded:

qmail-smtpd

Notes:
An alphabetically ordered list of patches and qmail-smtpd replacements that reject attempts to queue bogus messages.
Unpatched qmail only uses stdio.h in dns.c.

qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local

Note:
Not needed if recipient checking in previous section has been implemented.

qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local