OT sendmail question

Pentland G. G.Pentland at soton.ac.uk
Wed Nov 29 16:59:47 GMT 2006 

I've got this at hand which goes part way to Matt's issue

SLocal_check_relay
# Check if the connecting server is allowed to send mail or not
# Anything local is allowed
R$w $| $*     $@ $w $| $1
R$j $| $*     $@ $j $| $1
R$* $| 127 . 0 . 0 . 1      $@ $1 $| 127 . 0 . 0 . 1
# Now check the hostname against the allowed map
R$* $| $*     $: < $1 $| $2 > $(authhost $1 $: < NOTAUTH > $)
# If we didn't match on host name try the IP address next
R< $* $| $* > < NOTAUTH >     $: < $1 $| $2 > $(authhost $2 $: < NOTAUTH
> $)
# If we still didn't match then return an error mailer
R< $* $| $* > < NOTAUTH >     $#error $@ 5.7.1 $: You are not authorised
to mail directly to this server
# Otherwise rewrite it back out and return
R< $* $| $* > $*              $: $1 $| $2

Which checks that mail is coming from an ip address in "Kauthhost -n
/etc/mail/authhost"

I'd guess you need to add a class for those domains $=custdomain and
then call this conditionally on whether the domain in mail from is in
that class...

Might need some more thought if this is to be a more general map for
multiple domains...  I'm thinking about code like this that reads
mailertable for example...  "FEATURE ('Reverse Mailertable')"?

I'll have a think and let you know what I come up with.


For you Trever, something simpler should suffice, I'd have to double
check but the feature "relay_based_on_MX" would probably do it, or
something like it, only allowing relaying for domains that you are an MX
server for.

Hope that helps,

Gary

Furnish, Trever G wrote:
> I don't have a solution for you, but that would be a very useful
> feature.  I'd love to limit the domains my internal users can send
> from, to combat the problem of ignorant developers who, for example,
> set the envelope sender to an address we don't own in mail sent from
> web forms. 
> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>> Of Matt Hampton
>> Sent: Wednesday, November 29, 2006 11:13 AM
>> To: MailScanner discussion
>> Subject: OT: sendmail question
>> 
>> Evening
>> 
>> Does anyone know how to configure sendmail to restrict which
>> domains an IP can send from?
>> 
>> I.e.
>> 
>> 123.123.123.123 is allowed to send email from domain.com, example.com
>> 123.123.123.124 is allowed to send email from domain.co.uk,
>> example.com 
>> 
>> (I could do this in a milter but would prefer to do this in
>> an database file like the access map)
>> 
>> regards
>> 
>> Matt
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> 
>> Before posting, read http://wiki.mailscanner.info/posting
>> 
>> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list