Large Prod Env Mail Host Was [Re: ClamAV Feedback]
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Wed Oct 27 09:58:18 UTC 2004
On Wed, 2004-10-27 at 16:57, Paul Howarth wrote:
> Ow Mun Heng wrote:
> > I couldn't locate a check_mail and check_rcpt in sendmail's Doc (in
> > /usr/share/doc)
>
> check_mail and check_rcpt are rulesets in the sendmail.cf configuration file.
> They're probably explained in the sendmail operations guide (?) in the
> sendmail-doc package.
Hmm.. must check on that then. Thanks
>
> > What I did find was just references to it. I did find this though
> > loose_relay_check
> > Normally, if % addressing is used for a recipient, e.g.
> > user%site at othersite, and othersite is in class {R}, the
> > check_rcpt ruleset will strip @othersite and recheck
> > user at site for relaying. This feature changes that
> > behavior. It should not be needed for most installations.
> >
> > But that is only useful if you're using a single email account to forward to multiple users
> > within your organisation. (but this would need intervention from your ISP to get them
> > to implement the % thingy)
>
> There was a time when % routing was widely implemented. Not now I suspect, but
> this isn't what the OP was talking about anyway
I was only refering to this because this is the only thing I found.
> .
>
> > I believe you're building sendmail yourself them. How does one check if
> > using rpm(?) Do you know? (I'm booted into gentoo and I know sendmail is
> > compiled with ldap support)
>
> Run: sendmail -d0.10 < /dev/null
>
> The output should include LDAPMAP.
Cool. What does 0.10 means? Putting only -d also works.
> > If I understand your explanation of check_mail and check_rcpt correctly,
> > it only adds a level of security/anti-relay check correct?
>
> check_mail and check_rcpt are rulesets called by sendmail when the SMTP MAIL
> FROM: and RCPT TO: commands are issued respectively [actually that's not
> strictly true if FEATURE(`delay_checks') is being used, but it's the same
> principle]. Just about any sort of check that can be expressed in rulesets can
> be done at these times. For instance, I check that the connecting client isn't
> trying to forge my hostname or IP address in their SMTP HELO greeting. I also
> use checks in these rulesets to reject mail from domains whose MX records are
> in IP space controlled by certain spammers.
Understand, essentially a security check then. Again, this can be done
in postfix too right(?) whether or not it's versatile, I'm not too sure.
> >>This is also where Bogofilter is
> >>called if we do spam filtering.
> >
> > Stupid Question. Is Spamassassin via spamass-milter (the mitler side)
> > slower or more resource intensive compared to bogofilter?
>
> SpamAssassin does much more than bogofilter so I'd expect it to be more
> resource intensive. Since I don't use either though, I couldn't say definitively.
I use SpamAssassin's milter to sendmail. It's quite resource intensive.
More information about the fedora-list
mailing list