Implement Access Control List With MailScanner??? {Scanned}

Vicchiullo, Rob robv at DISASTER.COM
Thu Jul 1 22:36:12 IST 2004


Don't think he is looking for relaying restrictions.
He is trying to prevent mail that says it's from his users that is
destined for other users of his.

So let's say a message comes in from the outside that is for
joe at mydomain.com and it says its from jill at mydomain.com
It didn't originate from my mail server yet it says its from one of my
users.
 


Rob V

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Scott Silva
Sent: Thursday, July 01, 2004 5:30 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Implement Access Control List With MailScanner??? {Scanned}

| Hello all,
|     I've been doing some serious googling over the 2-3 days about how
to
| implement a type of ACL (access control list) for Sendmail which would
help
| in preventing the spoofing of my domain to my users. The only thing I
can
| find are rulesets which are inserted direclty into the sendmail.cf,
which
is
| something that I really want to avoid. I was hoping MailScanner would
allow
| me to do this. Here is my setup:
|
|  Kernel Version    2.4.22-1.2194.nptlsmp
| SendMail RPM Version    sendmail-8.12.10-1.1.1
| Procmail RPM Version    procmail-3.22-11
| MailScanner RPM Version    mailscanner-4.30.2-1
|
| If an email arrives at my mail server with the from header as
user at mydomain,
| I need to further look at the message to see if the message originated
from
| one of the subnets for which I relay. If it did, I'll accept it. If it
| didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for
this,
| please point me in the right direction and accept my apologies for
being
on
| the wrong list. :) Otherwise, if MailScanner can already do this or if
| someone has already written a custom function for this, please point
me in
| the right direction.

http://www.sendmail.org/m4/anti_spam.html
particularly the section;
FEATURE(`relay_mail_from')

put the IP addresses of the subnets you relay in the access file.
Don't put the domains in as they are easy to fake. I was caught here
and it is easy to do and a little harder to find out why sooo much
junk gets through.

If you relay for the network 11.22.33.0 then you would have;
11.22.33.0   RELAY
in /etc/mail/access

Also read this;
http://www.sendmail.org/tips/relaying.html


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html




More information about the MailScanner mailing list