How can I set qmail to not accept mail for unkown local users?

qmail-smtpd accepts messages if the SMTP domain part of recipient address ("RCPT to: ") matches an entry in control/rcpthosts or control/morercpthosts.cdb. The existence of a mailbox/maildir for the corresponding SMTP recipient is checked later in the delivery chain. In case no Mailbox/Maildir exists, the message is bounced back to the SMTP sender ("MAIL From: "). For normal SMTP mail traffic thats fine as long as the rate of undeliverable messages dont exceed 10% and the sender is 'legitmate'; ie. exists.

Todays situation is different: Spam and Virus attacks with forged/faked sender addresses to a bunch of random recipient addresses yield a undeliverable rate up to 90%. Worse, the generated bounces will never reach the sender and a double-bounce is eventually send to the postmaster.

A patch from Fehcom called RECIPIENTS extension makes qmail-smtpd aware of acceptable local recipients. The recipients are kept in fastforward compatible cdbs for quick lookup during the SMTP session. The lookup is done for recipients whose domain part match an entry in control/locals and is not applied for virtual domains. The RECIPIENTS mechanism supports Qmail's address extensions (VERP). If a recipient address like 'foo' is included in a cdb, all VERP addresses like 'foo-bar' are accepted for SMTP reception.