Implement Access Control List With MailScanner???
Ken A
ka at PACIFIC.NET
Thu Jul 1 23:06:52 IST 2004
You don't have users that use their email addresses from outside your
domain? Nobody checks email from home on their cable ISP, and uses
@yourdomain email addresses?
Using MailScanner From and To rulesets as you have suggested would stop
the envelope sender being set to yourdomain, but the sender could still
set the 'From:' header to yourdomain. :-(
I think you'd need to also kill it with sendmail (maybe a milter) or
maybe an SA rule that matched META conditions (yourdomain in the From
Header) and NOT (one of your relays).
Ken A
Vicchiullo, Rob wrote:
> Hey you find a solution for this please share it with us, I need the
> same thing. =)
>
>
>
> Rob V
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Walt Wyndroski
> Sent: Thursday, July 01, 2004 5:05 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Implement Access Control List With MailScanner???
>
> Hello all,
> I've been doing some serious googling over the 2-3 days about how to
> implement a type of ACL (access control list) for Sendmail which would
> help
> in preventing the spoofing of my domain to my users. The only thing I
> can
> find are rulesets which are inserted direclty into the sendmail.cf,
> which is
> something that I really want to avoid. I was hoping MailScanner would
> allow
> me to do this. Here is my setup:
>
> Kernel Version 2.4.22-1.2194.nptlsmp
> SendMail RPM Version sendmail-8.12.10-1.1.1
> Procmail RPM Version procmail-3.22-11
> MailScanner RPM Version mailscanner-4.30.2-1
>
> If an email arrives at my mail server with the from header as
> user at mydomain,
> I need to further look at the message to see if the message originated
> from
> one of the subnets for which I relay. If it did, I'll accept it. If it
> didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for this,
> please point me in the right direction and accept my apologies for being
> on
> the wrong list. :) Otherwise, if MailScanner can already do this or if
> someone has already written a custom function for this, please point me
> in
> the right direction.
>
> Walt Wyndroski
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list