Hi all,

        Hitchhiking the thread, how can I use the access.db to create a 
"deny all" rule?
        I want to allow only my relays to deliver mail to an internal 
machine.
        Something like this:

Connect:mail1.domain.com        RELAY
Connect:mail2.domain.com        RELAY
Connect:<everything_else>       REJECT

- Marcelo

  

On Tue, 11 Oct 2005, Sven Willenberger wrote:

|On Thu, 2005-10-06 at 13:08 -0400, Frank Marsolais wrote:
|> >"Martin J. Dellwo" wrote:
|> >> >
|> >> I have implemented an access.db with FEATURE(`access') in sendmail, with
|> >> lots of 'To:<someword>@domain.com  REJECT' lines to block unknown users
|> >> (or currently unknown but former users).  Does this get checked before
|> >> or after MIMEDefang?  How would I distinguish this in the mail syslogs?
|> >> (I have pretty high logging level turned on).  If the user is unknown on
|> >> the system and would therefore be rejected anyway, am I gaining anything
|> >> by using the access.db?
|> 
|> >To blacklist a recipient, you must have the blacklist recipients feature
|> >enabled. If you have blacklist recipients enabled, it would get checked
|> >before MIMEDefang.
|> 
|> >If you really want to blacklist recipients, use the virtusertable -- it
|> >is MUCH simpler. In fact, we have found the easiest way to bounce email
|> >for any user that does not exist any longer is to list all valid users in
|> >the virtusertable, then create an entry such as:
|> 
|> >@ourdom.com ERROR:5.1.1:"550 No such user in domain ourdom.com"
|> 
|> >Or, you could explicitly reject a former user by:
|> >joe at ourdom.com ERROR:5.1.1:"550 Joe don't live here no more"
|> 
|
|Sendmail's default bounce message for blacklisted recipients is "Mailbox
|disabled for this recipient" when invoked from the access file. What we
|actually do is use blacklist_recipients and then create our access.db
|file to resemble:
|
|TO:ourdomain       REJECT
|TO:[EMAIL PROTECTED] OK
|TO:[EMAIL PROTECTED] OK
|TO:[EMAIL PROTECTED] OK
|
|This is especially useful on inbound (MX) machines where the final users
|are not local to that machine (and where virtusertable would have to
|rewrite the username to have it be delivered to the next hop)
|
|Sven
|
|
|_______________________________________________
|Visit http://www.mimedefang.org and http://www.roaringpenguin.com
|MIMEDefang mailing list
|[email protected]
|http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
|
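The quoted layout (a domain-wide `To:` REJECT plus one OK line per valid address) depends on the full address being looked up before the bare domain. The sketch below is an added example, not code from the thread or from sendmail: it is a simplified model of that lookup for auditing an access file before rebuilding the map, and the addresses, function names and the two-step lookup order are assumptions made for illustration.

```python
# Simplified model of a To: lookup in a sendmail access map (added example).
# Assumptions: the full address is tried before the bare domain, and keys
# compare case-insensitively. All addresses are constructed placeholders.

SAMPLE_ACCESS = """\
# constructed sample in the layout quoted above
To:ourdomain.example            REJECT
To:alice@ourdomain.example      OK
TO:bob@ourdomain.example        OK
"""

def parse_access(text):
    """Return {lowercased key: action} from access-file source text."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # key, then the rest as the action
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: entry has no action: {raw!r}")
        table[parts[0].lower()] = parts[1].strip()
    return table

def rcpt_decision(table, rcpt):
    """Action for one recipient; None means no To: entry matched."""
    addr = rcpt.strip().strip("<>").lower()
    user, sep, domain = addr.rpartition("@")
    if not (sep and user and domain):
        raise ValueError(f"not a user@domain address: {rcpt!r}")
    # Most specific key first, so a per-user OK overrides the domain REJECT.
    for key in (f"to:{addr}", f"to:{domain}"):
        if key in table:
            return table[key]
    return None

def audit(table, valid_users):
    """Valid recipients that the table would not explicitly accept."""
    return sorted(u for u in valid_users if rcpt_decision(table, u) != "OK")

if __name__ == "__main__":
    tbl = parse_access(SAMPLE_ACCESS)
    for rcpt in ("alice@ourdomain.example", "former@ourdomain.example"):
        print(rcpt, "->", rcpt_decision(tbl, rcpt))
```

Running `audit` against the list of real mailboxes before the map is rebuilt shows any valid user who would fall through to the domain-wide REJECT.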