sendmail auth - restrict user to local-host-names

shrek-m at gmx.de shrek-m at gmx.de
Wed Dec 29 16:25:51 UTC 2004 

hi,

is it possible to restrict a user to send mails with smtp-auth only to 
local-host-names ?
"dummy at shrek.local" should only be able to send mails to  "shrek.local"
fc3, sendmail-8.13.1-2

<not_the_problem>
  i am not sure if this would be ok without smtp-auth

  $ cat /etc/mail/access
  To:shrek.local  RELAY
  From:user_a@  RELAY
  From:user_b@  RELAY

  = only the listed user could relay and not listed users could only 
send mails to local-domains
</not the problem>


with smtp-auth i tried several combinations in the acces map without luck.
with reject - "dummy@" can send nothing
eg.

$ cat /etc/mail/access
To:shrek.local    OK
From:dummy@    REJECT
Connect:192.168    RELAY
To:bla@        ERROR:550 Bla Bla Blubber




<snip_sendmail_doku>
The value part of the map can contain:

       OK              Accept mail even if other rules in the running
                       ruleset would reject it, for example, if the domain
                       name is unresolvable.  "Accept" does not mean
                       "relay", but at most acceptance for local
                       recipients.  That is, OK allows less than RELAY.
       RELAY           Accept mail addressed to the indicated domain or
                       received from the indicated domain for relaying
                       through your SMTP server.  RELAY also serves as
                       an implicit OK for the other checks.
       REJECT          Reject the sender or recipient with a general
                       purpose message.
       DISCARD         Discard the message completely using the
                       $#discard mailer.  If it is used in check_compat,
                       it affects only the designated recipient, not
                       the whole message as it does in all other cases.
                       This should only be used if really necessary.
       SKIP            This can only be used for host/domain names
                       and IP addresses/nets.  It will abort the current
                       search for this entry without accepting or rejecting
                       it but causing the default action.
       ### any text    where ### is an RFC 821 compliant error code and
                       "any text" is a message to return for the command.
                       The string should be quoted to avoid surprises,
                       e.g., sendmail may remove spaces otherwise.
                       This type is deprecated, use one of the two
                       ERROR:  entries below instead.
       ERROR:### any text
                       as above, but useful to mark error messages as such.
       ERROR:D.S.N:### any text

For example:

       From:cyberspammer.com   ERROR:"550 We don't accept mail from 
spammers"
       From:okay.cyberspammer.com      OK
       Connect:sendmail.org            RELAY
       To:sendmail.org                 RELAY
       Connect:128.32                  RELAY
       Connect:128.32.2                SKIP
       Connect:IPv6:1:2:3:4:5:6:7      RELAY
       Connect:suspicious.example.com  QUARANTINE:Mail from suspicious host
       Connect:[127.0.0.3]             OK
       Connect:[IPv6:1:2:3:4:5:6:7:8]  OK

</snip>

-- 
shrek-m

More information about the fedora-list mailing list