Alias rule help

Julian Field MailScanner at
Mon Dec 15 20:27:51 GMT 2008

I would do this at the MTA level, like other posters have advised.
We have *-all lists, which withing them have *-all-people lists, and we 
don't want people outside being able to mail them.

In we implement this using the following:

KIsEcsList1 regex -a at MATCH ^(cs|el|ce|ie)?ug[0-9]?$
KIsEcsList2 regex -a at MATCH ^.*-all(-[0-9])?$
KIsEcsList3 regex -a at MATCH ^.*-(people|extras)(-[0-9])?$

These define the 3 regexps that match all the mailing lists (examples 
from each line are
IsEcsList1 csug2
IsEcsList2 staff-all, staff-all-1
IsEcsList3 staff-all-people, staff-all-people-2
as that is how the lists are all constructed. Obviously you will need to 
change these to match your own setup.

And then further down in, this. If you know a reasonable 
amount about files, then it should be obvious where the 
<tab> characters go to separate the 3 "fields" of each line of a 
sendmail rule.

R$*                     $: $>3 $1               Focus on host
R$*                     $: $>"QualifyDomain" $1 Make fully-qualified
R$* <@ $* $m. > $*      $1 <@ *LOCAL* >         Is recipient an ECS address?
R$* <@ *LOCAL* > $*     $: $(IsEcsList1 $1 $) <@ *LOCAL* > $2   ECS list?
R$* <@ *LOCAL* > $*     $: $(IsEcsList2 $1 $) <@ *LOCAL* > $2   ECS list?
R$* <@ *LOCAL* > $*     $: $(IsEcsList3 $1 $) <@ *LOCAL* > $2   ECS list?
R at MATCH <@ *LOCAL* > $*    $#error $@ 5.1.2 $: Please contact ECS Help Desk

# If address is unqualified, add *LOCAL* as the destination hostname.
R$* < @ $* > $*         $@ $1 < @ $2 > $3       Already fully qualified
R$+                     $@ $1 < @ *LOCAL* >     Add local qualification

That should tell you all you need to implement restrictions at MTA level 
in sendmail to disable addresses that match regular expressions.

On 15/12/08 16:13, Nasser Al-Zawawi wrote:
> Hi,
> I have a RedHat ES 4 server running sendmail (8.13.1) and I am using 
> the latest MailScanner version (4.73.4-2), ClamAV 0.94.2 and 
> SpamAssassin 3.2.5. I need help with a rule that should block all 
> outside users from sending emails to our aliases and only allow them 
> to come from people from our domain. For example we have an alias 
> called _/all_users/_ and it is literally all users on the system. 
> Somehow spammers are able to see these aliases on the system (I hope 
> there is a way to disallow them from seeing the aliases) and then they 
> are sending SPAMs to these aliases so when they send a spam to 
> _/all_users/_ at <mailto:_all_users_ at> everybody 
> gets that spam. Could somebody write this rule and show what directive 
> to put in the MailScanner.conf if any. I have tried a few but none worked.
> Best regards,
> Nasser


Julian Field MEng CITP CEng
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list