Sendmail alias question

sun.jedi sun.jedi at gmail.com
Fri Nov 13 05:07:45 UTC 2009


If you are able to provision a DMZ MX server (if you don't already have 
one) which rejects certain internal addresses like your all_users group, 
and forwards everything else to your company MX server, you'd put 
something like this on the DMZ server:

- Enable blacklist in sendmail.mc
and then;
- in /etc/mail/access add appropriate entries
From:evilspy.net       REJECT
connect:evilspy.net    REJECT
connect:your_isp       OK
To:all_users@          ERROR:550 bad name

or if you really wanted to be evil yourself:

To:all_users@          DISCARD

That way the internal stuff still works, and the inbound external stuff 
goes nowhere.

Sendmail is tcp_wrappers aware, so if it's a manageable list of domains 
you want to block, maybe some creative entries in /etc/hosts.allow and 
/etc/hosts.deny would meet your needs. Didn't sound it, from your 
example, but I thought I'd mention it.

-Marc

On 11/12/2009 4:03 PM, Bill Watson wrote:
> Kurt,
> Thank you for your thorough reply! I was worried that I was too vague and it
> appears that I was. Here is the scene that I want to "fix":
>
> joe at here.com sends an email "To" grouplist at here.com instead of "BCC"ing
> grouplist at here.com and this causes everyone on grouplist to be able to see
> that the email was sent to grouplist at here.com.  ALSO this means that
> everyone with spy/virus infected email software on grouplist also has now
> notified the evil spy folks that grouplist at here.com is a valid email
> address. Then the evildoer spy folks now know to send from everywhere on the
> planet to grouplist at here.com all their evil messages. This means that if
> grouplist is all our outside employees for instance, then everybody in that
> group gets evil messages with the spy folks only sending one email.
>
> Now if only folks within our walls were able to use grouplist at here.com and
> everyone outside our walls got a 505 invalid user message, then I could
> better control the evildoers being able to send stuff to grouplist@ from all
> their "owned" PC base.
>
> I just don't know how to restrict grouplist@ from being a valid name to
> outsiders.
>
> Thanks,
> Bill Watson
> bill at magicdigits.com
>
>
> -----Original Message-----
> From: redhat-sysadmin-list-bounces at redhat.com
> [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of
> pbdlists at pinboard.com
> Sent: Thursday, November 12, 2009 12:00 PM
> To: redhat-sysadmin-list at redhat.com
> Subject: Re: Sendmail alias question
>
> Hi Bill,
>
> The alias will simply be expanded to everything after the key, so your
> example expands to "me" "you" "them" "us" "yall" whatever that might be.
> These can be local users, lists, remote addresses or further groups. If
> you want to restrict it to "me at local.domain" and "you at local.domain" and
> "them at remote.domain" then
> it should look like
>
> folks: me at local.domain,you at local.domain,them at remote.domain
>
> The aliases file works just like a translation: folks is translated to
> exactly the list that follows. Your local sendmail then interprets that
> list just as if those addresses were given as the recipients (and as
> already mentioned, if one of those alias destinations is another alias,
> that gets expanded again).
>
> Maybe you want to have a look at
> http://www.bga.org/~lessem/psyc5112/usail/mail/aliasing/
>
> Hope this helps somewhat.
>
> Cheers,
>
> Kurt
>
>
> On Mon, Nov 09, 2009 at 02:51:18PM -0800, Bill Watson wrote:
>> This is probably too far off topic for this list, but hopefully someone
>> will take pity on me and help out. I have tried googling a bunch of times
>> and either get 10,000 off topic answers or none.
>>
>> When using /etc/aliases to expand a user group such as
>>
>> folks:  me, you, them, us, yall
>>
>> this seems to work wonderfully. Unfortunately a little too wonderfully.
>>
>> What is the easiest (if any) way to restrict this alias group to
>>
>> 1) folks on the same subnet (internal use only) - localhost/etc
>> or
>> 2) folks at least claiming to be of a certain domain (mydomain.com)
>>
>> I have found that if we fail to BCC the sent mail, then the spammers pick
>> up the group name and then their junk gets replicated with great efficiency.
>> The restrictions would try to help reduce the junk mail.
>>
>> Thank you in advance,
>>
>> Bill Watson
>>     
>
> --
> redhat-sysadmin-list mailing list
> redhat-sysadmin-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
>
>
>   
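
An added example, not part of the original post: a small check for the DMZ relay setup Marc describes, confirming that the recipient block is actually wired up. It assumes "Enable blacklist" means FEATURE(`blacklist_recipients') alongside FEATURE(`access_db'); the function names are hypothetical and the file contents are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a DMZ relay's sendmail
# config for the recipient block described above. File contents are constructed.

# mc_has_feature FILE NAME: true if FEATURE(`NAME' ...) is present and not
# commented out with a leading "dnl".
mc_has_feature() {
    grep -v '^[[:space:]]*dnl' "$1" | grep -qF "FEATURE(\`$2'"
}

# access_blocks_rcpt FILE LOCALPART: true if the access source has a
# To:LOCALPART@ key with a rejecting action (keys match case-insensitively).
access_blocks_rcpt() {
    grep -Eiq "^To:$2@[[:space:]]+(REJECT|DISCARD|ERROR:)" "$1"
}

# check_rcpt_block MC ACCESS LOCALPART: prints each gap, non-zero if any.
check_rcpt_block() {
    rc=0
    for feat in access_db blacklist_recipients; do
        mc_has_feature "$1" "$feat" || { echo "missing FEATURE: $feat"; rc=1; }
    done
    access_blocks_rcpt "$2" "$3" || { echo "no blocking To:$3@ entry"; rc=1; }
    return $rc
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sendmail.mc" <<'EOF'
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EOF
    cat > "$dir/access" <<'EOF'
Connect:your_isp       OK
To:all_users@          ERROR:550 bad name
EOF
    check_rcpt_block "$dir/sendmail.mc" "$dir/access" all_users
    status=$?
    rm -rf "$dir"
    return $status
}

# On the real host, after editing /etc/mail/access, rebuild the map:
#   makemap hash /etc/mail/access < /etc/mail/access
demo && echo "recipient block is configured"
```

If blacklist_recipients is missing from sendmail.mc, the To: rejection entries in the access map are not applied to recipients, which is the gap this check reports.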



