Implement Access Control List With MailScanner???

Walt Wyndroski wdwrn at FRIENDLYCITY.NET
Thu Jul 1 22:41:30 IST 2004 

Actually, this thought just occured to me: The rulesets in MailScanner are
structured as From:, FromOrTo:, To:, FromAndTo:. If I could use FromAndFrom:
then I could build a rule as follows:

From: mydomain.com    From: <IP or Subnet>    Accept
From: mydomain.com    From: 0.0.0.0/0              Deny

OR:

Can I use rulesets within rulesets? For instance, in the blacklist.rules
could I put:

From: mydomain.com    /etc/MailScanner/rules/mydomain.com.txt

And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:

From: <my subnet(s)>    NO
From: default                  YES  or  From: /!(<my subnet(s)>)/    YES

What do you all think?

Walt Wyndroski



----- Original Message -----
From: "Walt Wyndroski" <wdwrn at friendlycity.net>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, July 01, 2004 5:05 PM
Subject: Implement Access Control List With MailScanner???


> Hello all,
>     I've been doing some serious googling over the 2-3 days about how to
> implement a type of ACL (access control list) for Sendmail which would
help
> in preventing the spoofing of my domain to my users. The only thing I can
> find are rulesets which are inserted direclty into the sendmail.cf, which
is
> something that I really want to avoid. I was hoping MailScanner would
allow
> me to do this. Here is my setup:
>
>  Kernel Version    2.4.22-1.2194.nptlsmp
> SendMail RPM Version    sendmail-8.12.10-1.1.1
> Procmail RPM Version    procmail-3.22-11
> MailScanner RPM Version    mailscanner-4.30.2-1
>
> If an email arrives at my mail server with the from header as
user at mydomain,
> I need to further look at the message to see if the message originated
from
> one of the subnets for which I relay. If it did, I'll accept it. If it
> didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
> please point me in the right direction and accept my apologies for being
on
> the wrong list. :) Otherwise, if MailScanner can already do this or if
> someone has already written a custom function for this, please point me in
> the right direction.
>
> Walt Wyndroski
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list