From: Cedric Tardif on 27 Nov 2006 07:51

Hi,

I have been trying to implement some new security level to lower the spam and the number of user unknown on my relay.

What I was looking forward to achieve was to deny every mail on the relay and then permit only valid e-mail addresses via the access file.

So far I got no result on doing this.

I was hoping to be able to do this with OK (accept e-mail even if other rules in the current ruleset would reject it.) but so far it is not working properly.

Example 1 :
mydomain RELAY
mydomain REJECT
user@mydomain OK

Example 2 :
mydomain RELAY
user@mydomain OK
mydomain REJECT

In those two examples user@mydomain is rejected.

Any example would be welcome.

Regards
Cedric

From: jmaimon@ttec.com on 27 Nov 2006 08:18

Cedric Tardif wrote:
> Hi,
>
> I have been trying to implement some new security level to lower the
> spam and the number of user unknown on my relay.

Here are some approaches to this.

* Use ldap routing

  see cf/README

  +--------------+
  | LDAP ROUTING |
  +--------------+

  http://www.sendmail.org/m4/ldap_routing.html

* Use virtusertable with undocumented feature and an entry for each valid user and a catchall entry that @domain.com error:nouser

  _VIRTUSER_STOP_ONE_LEVEL_RECURSION_

* Use virtusertable with a RHS of "!" for each valid user and a catchall entry that @domain.com error:nouser

* Use access db with undocumented feature

  define(`_RELAY_FULL_ADDR_', `1')

  To:u...@example.com RELAY
  To:u...@example.com RELAY

  (and just don't add the "bare" example.com at all in access db or relay-domains).

* Use a milter, of which there are many.

  milter-ahead
  j-chkmail
  mimedefang
  dnsbl
  callahead-milter
  smf-sav

  http://www.jmaimon.com/sendmail/milters

>
> What I was looking forward to achieve was to deny every mail on the relay
> and then permit only valid e-mail addresses via the access file.
>
> So far I got no result on doing this.
>
> I was hoping to be able to do this with OK (accept e-mail even if other
> rules in the current ruleset would reject it.) but so far it is not working
> properly.
>
> Example 1 :
> mydomain RELAY
> mydomain REJECT
> user@mydomain OK
>
> Example 2 :
> mydomain RELAY
> user@mydomain OK
> mydomain REJECT
>
> In those two examples user@mydomain is rejected.
>
> Any example would be welcome.

To:u...@example.com RELAY
To:u...@example.com RELAY

(and just don't add the "bare" example.com at all in access db or relay-domains).

>
> Regards
> Cedric

From: Cedric Tardif on 27 Nov 2006 08:59

Hi,

Thanks for the fast reply.

I have taken a look at RELAY_FULL_ADDR on Google; as you say it is an undocumented feature, and I found only 5 links, not really relevant to the problem :)

If I'm using RELAY_FULL_ADDR and understand it correctly I would go that way :

To:user1@example.com RELAY
To:user2@example.com RELAY
etc ...

No example.com RELAY in the access file.

That way it will reject user unknown.

I understand that connect:outsidemailserver OK will still work correctly.

Will Spam:user2@example.com FRIEND and/or Spam:example.com FRIEND keep working correctly ?

Regards
Cedric

jmaimon@ttec.com wrote:
> Cedric Tardif wrote:
>> Hi,
>>
>> I have been trying to implement some new security level to lower the
>> spam and the number of user unknown on my relay.
>
> Here are some approaches to this.
>
> * Use ldap routing
>
>   see cf/README
>
>   +--------------+
>   | LDAP ROUTING |
>   +--------------+
>
>   http://www.sendmail.org/m4/ldap_routing.html
>
> * Use virtusertable with undocumented feature and an entry for each
>   valid user and a catchall entry that @domain.com error:nouser
>
>   _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>
> * Use virtusertable with a RHS of "!" for each valid user and a
>   catchall entry that @domain.com error:nouser
>
> * Use access db with undocumented feature
>
>   define(`_RELAY_FULL_ADDR_', `1')
>
>   To:u...@example.com RELAY
>   To:u...@example.com RELAY
>
>   (and just don't add the "bare" example.com at all in access db or
>   relay-domains).
>
> * Use a milter, of which there are many.
>
>   milter-ahead
>   j-chkmail
>   mimedefang
>   dnsbl
>   callahead-milter
>   smf-sav
>
>   http://www.jmaimon.com/sendmail/milters
>
>> What I was looking forward to achieve was to deny every mail on the relay
>> and then permit only valid e-mail addresses via the access file.
>>
>> So far I got no result on doing this.
>>
>> I was hoping to be able to do this with OK (accept e-mail even if other
>> rules in the current ruleset would reject it.) but so far it is not working
>> properly.
>
>> Example 1 :
>> mydomain RELAY
>> mydomain REJECT
>> user@mydomain OK
>>
>> Example 2 :
>> mydomain RELAY
>> user@mydomain OK
>> mydomain REJECT
>>
>> In those two examples user@mydomain is rejected.
>>
>> Any example would be welcome.
>
> To:u...@example.com RELAY
> To:u...@example.com RELAY
>
> (and just don't add the "bare" example.com at all in access db or
> relay-domains).
>
>> Regards
>> Cedric
>

From: Cedric Tardif on 1 Dec 2006 08:24

Hi,

Just an update and a question.

This :

> To:user1@example.com RELAY
> To:user2@example.com RELAY

Works great but you have to add this :

To:example.com REJECT

This way only known users will pass through.

Now the question would be: what is the undocumented limit of entries you can add in the access file ?

Regards

Cedric Tardif wrote:
> Hi,
>
> Thanks for the fast reply.
>
> I have taken a look at RELAY_FULL_ADDR on Google; as you say it is an
> undocumented feature, and I found only 5 links, not really relevant to the
> problem :)
>
> If I'm using RELAY_FULL_ADDR and understand it correctly I would go that
> way :
>
> To:user1@example.com RELAY
> To:user2@example.com RELAY
> etc ...
>
> No example.com RELAY in the access file.
>
> That way it will reject user unknown.
>
> I understand that connect:outsidemailserver OK will still work correctly.
>
> Will Spam:user2@example.com FRIEND and/or Spam:example.com FRIEND
> keep working correctly ?
>
> Regards
> Cedric
>
> jmaimon@ttec.com wrote:
>> Cedric Tardif wrote:
>>> Hi,
>>>
>>> I have been trying to implement some new security level to lower the
>>> spam and the number of user unknown on my relay.
>>
>> Here are some approaches to this.
>>
>> * Use ldap routing
>>
>>   see cf/README
>>
>>   +--------------+
>>   | LDAP ROUTING |
>>   +--------------+
>>
>>   http://www.sendmail.org/m4/ldap_routing.html
>>
>> * Use virtusertable with undocumented feature and an entry for each
>>   valid user and a catchall entry that @domain.com error:nouser
>>
>>   _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>>
>> * Use virtusertable with a RHS of "!" for each valid user and a
>>   catchall entry that @domain.com error:nouser
>>
>> * Use access db with undocumented feature
>>
>>   define(`_RELAY_FULL_ADDR_', `1')
>>
>>   To:u...@example.com RELAY
>>   To:u...@example.com RELAY
>>
>>   (and just don't add the "bare" example.com at all in access db or
>>   relay-domains).
>>
>> * Use a milter, of which there are many.
>>
>>   milter-ahead
>>   j-chkmail
>>   mimedefang
>>   dnsbl
>>   callahead-milter
>>   smf-sav
>>
>>   http://www.jmaimon.com/sendmail/milters
>>
>>> What I was looking forward to achieve was to deny every mail on the relay
>>> and then permit only valid e-mail addresses via the access file.
>>>
>>> So far I got no result on doing this.
>>>
>>> I was hoping to be able to do this with OK (accept e-mail even if other
>>> rules in the current ruleset would reject it.) but so far it is not working
>>> properly.
>>
>>> Example 1 :
>>> mydomain RELAY
>>> mydomain REJECT
>>> user@mydomain OK
>>>
>>> Example 2 :
>>> mydomain RELAY
>>> user@mydomain OK
>>> mydomain REJECT
>>>
>>> In those two examples user@mydomain is rejected.
>>>
>>> Any example would be welcome.
>>
>> To:u...@example.com RELAY
>> To:u...@example.com RELAY
>>
>> (and just don't add the "bare" example.com at all in access db or
>> relay-domains).
>>> Regards
>>> Cedric
>>

From: jmaimon@ttec.com on 1 Dec 2006 09:03

Cedric Tardif wrote:
> Hi,
>
> Just an update and a question.
>
> This :
> > To:user1@example.com RELAY
> > To:user2@example.com RELAY
>
> Works great but you have to add this :
>
> To:example.com REJECT
>
> This way only known users will pass through.

Or ensure that it is not in relay-domains? That way it will fall to relay denied.
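
An added example, not part of the thread and not sendmail's own tooling: a small lint for the access-map source that checks the two points the posts above turn on. The built map is a key lookup rather than an ordered rule list, so one key cannot carry both RELAY and REJECT, and a whole-domain RELAY entry defeats a per-recipient `To:` allow-list. The function names, the sample entries and the plain "key whitespace value" layout are assumptions.

```python
# Added example: lint a sendmail access-map source for the per-recipient
# relay allow-list discussed in the thread. Names and layout are assumptions.

# Constructed sample in the style of the thread's entries.
SAMPLE = """\
# allow-list; relies on _RELAY_FULL_ADDR_ being defined in the .mc file
To:user1@example.com    RELAY
To:user2@example.com    RELAY
To:example.com          REJECT
example.com             RELAY
Connect:192.0.2.10      OK
To:user2@example.com    REJECT
"""

def parse(text):
    """Yield (lineno, key, action); skip blank lines and # comments."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            # Keys are compared case-insensitively here (assumption).
            yield n, fields[0].lower(), fields[1].strip().upper()

def lint(text, domain):
    """Return sorted (lineno, code, message) findings for one relayed domain."""
    domain = domain.lower()
    seen = {}                  # key -> (lineno, action) of first occurrence
    allow, bare, findings = [], [], []
    for n, key, action in parse(text):
        if key in seen:
            first_n, first_action = seen[key]
            code = "duplicate" if first_action == action else "conflict"
            findings.append((n, code,
                             f"{key} already set to {first_action} on line {first_n}"))
            continue
        seen[key] = (n, action)
        if action == "RELAY":
            if key.startswith("to:") and key.endswith("@" + domain):
                allow.append(n)            # per-recipient allow-list entry
            elif key in (domain, "to:" + domain):
                bare.append(n)             # relays for every recipient
    if allow:                              # only a problem beside an allow-list
        for n in bare:
            findings.append((n, "bare-domain-relay",
                             f"whole-domain RELAY for {domain} bypasses the To: allow-list"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, code, message in lint(SAMPLE, "example.com"):
        print(f"line {lineno}: {code}: {message}")
```

Run it against the text source before rebuilding the map; the `relay-domains` file is a separate list and is not covered by this check.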