LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]

  From: David Newall <davidn@rebel.net.au>
  To  : Alan Kennington <akenning@dog.topology.org>
  Date: Thu, 23 Sep 1999 21:04:25 +0930 (CST)

Re: sendmail problem

May I be lazy and simply give you the rules which I use?

Careful of tabs in the rule.  Put the names of the sites you will relay for
in /etc/sendmail.cR.  Note some sites prefer to use IP addresses rather
than hostnames.  I like names, and indeed the rule which I use permits
complete domains to be relayed, for example if your /etc/sendmail.cR
includes foo.net, then it will accept mail for relay from foo.net and
bar.foo.net.  Use of names does leave you open for reverse-IP address
spoofing, for example if I know that you relay for foo.net then I can
configure my DNS to translate my ip address as foo.net.  Calculate your
risk and decide how you want to do it.

If you want to use IP addresses instead of names, replace {client_name}
with {client_address} in the first rule of Scheck_rcpt, and ensure that all
of your local addresses are included in class w (in Cw and Fw).

If you don't like permitting complete domains to be relayed, remove $* from
the first two rules of Sremove_local.


$ cat hack/norelay.m4
LOCAL_CONFIG
FR-o /etc/sendmail.cR

LOCAL_RULESETS
Scheck_rcpt

# anything originating locally is ok
R$*			$: $(dequote "" $&{client_name} $) $| $1
R$* $=w $| $*		$@ OK
R$* $=R $| $*		$@ OK
R$@ $| $*		$@ OK

# not sent locally.  anything terminating locally is ok
R$* $| $*		$: $>3 $2
R$+			$: $>remove_local $1

# anything non-local is bogus
R$* < @ $* > $*		$#error $: 550 Relaying Denied for $1 < @ $2 > $3

Sremove_local
R$* < @ $* $=R . > $*	$>3 $1 $4
R$* < @ $* $=w . > $*	$: $>remove_local $>3 $1 $4
R$* < @ $* > $*		$@ $1 < @ $2 > $3

# dequote local part
R$*			$: $>3 $(dequote $1 $)
R$* < @ $* > $*		$: $>remove_local $1 < @ $2 > $3

$ cat cf/rebel.mc
divert(-1)
include(`../m4/cf.m4')
define(`confDEF_USER_ID',``8:12'')
define(`confDOMAIN_NAME', ``rebel.net.au'')
OSTYPE(`linux')
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
FEATURE(nopercent)
FEATURE(nouucp)
FEATURE(redirect)
FEATURE(always_add_domain)
FEATURE(use_cw_file)
FEATURE(local_procmail)
HACK(norelay)		<========= add this line near here
HACK(spamsite)
MAILER(procmail)
MAILER(smtp)


Regards,

David

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author]

Return to the LinuxSA Mailing List Information Page