Making sendmail only accept mail to genuine Exchange users
Spicer, Kevin
Kevin.Spicer at BMRB.CO.UK
Fri Jul 2 15:32:34 IST 2004
-----Original Message-----
>From: Idan Plotnik [mailto:idan at SECURENET.CO.IL]
>I have some questions about this methodology if you don't mind:
>1. In this phase I don't want to use the VBScript so I create and copy the
> file "whitelist-addresses.txt" manually to the /etc/mail directory.

That is fine.

>2. I don't understand what this line means in the perl script:
> my $exchangebox="exchange.yourdomain.com";
> I saw that when I run the script it creates the files mailhost and
> mailhost.db that contain the mail addresses from the whitelist-addresses
> file and adds the value that it has in the $exchangebox variable, why ???

So that sendmail knows where to route the mail to (see below).

> How does MailScanner know to translate the DNS name to the IP address?
> And if I put an IP address there it's not working.

Because it is expecting a DNS name, and it's not MailScanner, it's
sendmail. It should resolve correctly if your DNS is set up correctly -
if not, a hosts file entry may help.

>3. Why do I need to put the Exchange IP address inside the "access" file? The
> access file contains the domain name that Sendmail will authorize
> RELAY to.
> I don't send my emails through the MailScanner, just incoming emails.

You don't RELAY to, you RELAY for. Normally you relay for your own
domain (incoming or outgoing), but in this setup you no longer relay
_to_ your domain, only from it. In order to relay from your domain you
permit relay for your internal servers (IP addresses in the access file
only apply to sending hosts AFAIK). If your internal boxes don't relay
through your mailscanner box then you don't need to add them.

>4. Why do I need to delete all the entries in the mailertable file?
> How will sendmail know to send the emails to the Exchange server?
> In the mailertable I configure "domain_name ip_addr_exchnage"

Because in this setup you are no longer relaying for your domain, you
are accepting mail on your sendmail box as if they were local accounts
and then redirecting each address in the mailhost file to the server
specified on the same line. If the user doesn't appear in the mailhost
file then they are considered not to exist and are therefore rejected as an
invalid address - this is the 'trick' that the whole technique relies
upon.

BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
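
The per-address lookup described in the reply to question 4, modelled as an added example; this is not the Perl script discussed in the thread. The tab-separated `address<TAB>host` layout, the function names and the sample addresses are assumptions made for illustration.

```python
import re

# Constructed sample standing in for /etc/mail/whitelist-addresses.txt.
SAMPLE_WHITELIST = """alice@yourdomain.com
Bob@YourDomain.com

not-an-address
"""

ADDR_RE = re.compile(r"^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def build_mailhost(whitelist_text, exchangebox):
    """Map every well-formed whitelist address to the Exchange host name.

    Returns (table, skipped); skipped lists (line number, text) of lines
    that were not usable as an address.
    """
    if IPV4_RE.match(exchangebox):
        # The thread notes that an IP address does not work here.
        raise ValueError("exchangebox must be a DNS name, not an IP address")
    table, skipped = {}, []
    for lineno, raw in enumerate(whitelist_text.splitlines(), 1):
        addr = raw.strip().lower()  # fold case so lookups are consistent
        if not addr:
            continue
        if ADDR_RE.match(addr):
            table[addr] = exchangebox
        else:
            skipped.append((lineno, raw))
    return table, skipped


def render(table):
    """Serialise the table, one 'address<TAB>host' pair per line (assumed layout)."""
    return "".join(f"{addr}\t{host}\n" for addr, host in sorted(table.items()))


def rcpt_decision(table, rcpt):
    """Listed recipients are routed to their host; anyone else is rejected."""
    host = table.get(rcpt.strip().lower())
    return ("route", host) if host else ("reject", None)
```

A malformed whitelist line is reported rather than written to the map, so a bad export cannot silently create an entry.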