[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

sendmail auth - restrict user to local-host-names



hi,

is it possible to restrict a user to send mails with smtp-auth only to local-host-names ?
"dummy shrek local" should only be able to send mails to "shrek.local"
fc3, sendmail-8.13.1-2


<not_the_problem>
 i am not sure if this would be ok without smtp-auth

 $ cat /etc/mail/access
 To:shrek.local  RELAY
 From:user_a@  RELAY
 From:user_b@  RELAY

= only the listed user could relay and not listed users could only send mails to local-domains
</not the problem>



with smtp-auth i tried several combinations in the acces map without luck. with reject - "dummy@" can send nothing eg.

$ cat /etc/mail/access
To:shrek.local    OK
From:dummy@    REJECT
Connect:192.168    RELAY
To:bla@        ERROR:550 Bla Bla Blubber




<snip_sendmail_doku> The value part of the map can contain:

      OK              Accept mail even if other rules in the running
                      ruleset would reject it, for example, if the domain
                      name is unresolvable.  "Accept" does not mean
                      "relay", but at most acceptance for local
                      recipients.  That is, OK allows less than RELAY.
      RELAY           Accept mail addressed to the indicated domain or
                      received from the indicated domain for relaying
                      through your SMTP server.  RELAY also serves as
                      an implicit OK for the other checks.
      REJECT          Reject the sender or recipient with a general
                      purpose message.
      DISCARD         Discard the message completely using the
                      $#discard mailer.  If it is used in check_compat,
                      it affects only the designated recipient, not
                      the whole message as it does in all other cases.
                      This should only be used if really necessary.
      SKIP            This can only be used for host/domain names
                      and IP addresses/nets.  It will abort the current
                      search for this entry without accepting or rejecting
                      it but causing the default action.
      ### any text    where ### is an RFC 821 compliant error code and
                      "any text" is a message to return for the command.
                      The string should be quoted to avoid surprises,
                      e.g., sendmail may remove spaces otherwise.
                      This type is deprecated, use one of the two
                      ERROR:  entries below instead.
      ERROR:### any text
                      as above, but useful to mark error messages as such.
      ERROR:D.S.N:### any text

For example:

From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
From:okay.cyberspammer.com OK
Connect:sendmail.org RELAY
To:sendmail.org RELAY
Connect:128.32 RELAY
Connect:128.32.2 SKIP
Connect:IPv6:1:2:3:4:5:6:7 RELAY
Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
Connect:[127.0.0.3] OK
Connect:[IPv6:1:2:3:4:5:6:7:8] OK


</snip>

--
shrek-m


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]