sendmail rules to protect internal aliases

Julian Field mailscanner at ecs.soton.ac.uk
Wed Jun 26 15:26:58 IST 2002 

At 14:15 26/06/2002, you wrote:
>Nice!
>In your example, Is there any phrase, for instance "LOCAL" that should be
>repaced with our domain name?

No, it should work as given. The references to ECS in the messages are
because that's the acronym of the name of our department.

>When you say your aliases some end in *-all.,  .. Does that mean this rule
>only applies to certain aliases with *-all?
>whats the 0-9 for?

Some of the aliases are very big, and are too big to be held in 1 alias
(dbm files have a maximum record length of about 2k if I remember rightly).
So, for example, staff-all = staff-all-1 + staff-all-2 + staff-all-3, and
we don't want people mailing the aliases with numbers on the end, as well
as the main aliases themselves.

>Is this code supposed to be inserted into the sendmail.cf file?

It goes in a sendmail.mc file which you then convert into a cf file with
m4. Read www.sendmail.org or the bat book if you don't know what a
sendmail.mc file is.

But if you haven't got an mc file anywhere, just make sure the "K" lines
are above the ruleset-definitions in the cf file.
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Wednesday, June 26, 2002 7:43 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: sendmail rules to protect internal aliases
>
>At 00:36 26/06/2002, you wrote:
> >I hope one of you sendmail rule wizards can help me with this...
>
>OT.
>
> >We have several "internal" aliases that are really distribution list
> >-- including one alias that goes to the whole company. Some
> >(stinking) spammer has harvested or otherwise guessed what some of
> >these aliases are. Now we are getting spam to the whole company
> >through one email address.
>
>We have a whole bunch of aliases ending in "-all" (and sub-aliases ending
>in "-all-0" to "-all-9" which aren't accessible from the outside. As an
>example, here's an extract from one of my sendmail.mc files.
>
># This defines the regular expression that we will match against
>KIsEcsList2 regex -a at MATCH ^.*-all(-[0-9])?$
>
>LOCAL_RULESETS
>SLocal_check_rcpt
>R$* $: $>3 $1 Focus on host
>R$* $: $>"QualifyDomain" $1 Make fully-qualified
>R$* <@ $* $m. > $* $1 <@ *LOCAL* > Is recipient an ECS address?
>R$* <@ *LOCAL* > $* $: $(IsEcsList2 $1 $) <@ *LOCAL* > $2 ECS list?
>R at MATCH <@ *LOCAL* > $* $#error $@ 5.1.2 $: Please contact ECS Help Desk
>
># If address is unqualified, add *LOCAL* as the destination hostname.
>SQualifyDomain
>R$* < @ $* > $* $@ $1 < @ $2 > $3 Already fully qualified
>R$+ $@ $1 < @ *LOCAL* > Add local qualification
>
>That should do the trick for you. Don't forget to separate the fields of
>each line with tab characters, not spaces.
>--
>Julian Field Teaching Systems Manager
>jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
>Tel. 023 8059 2817 University of Southampton
>Southampton SO17 1BJ

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list