Hi,
I'm looking for a way, in sendmail, to set an access rule, saying:
Accept messages for domain.com only from this IP address.
I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
Any ideas?
Regards,
Ugo
On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
> Hi,
> I'm looking for a way, in sendmail, to set an access rule, saying:
> Accept messages for domain.com only from this IP address.
> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
> Any ideas?
It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
Les Mikesell wrote:
> On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
>> Hi,
>> I'm looking for a way, in sendmail, to set an access rule, saying:
>> Accept messages for domain.com only from this IP address.
>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>> Any ideas?
> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
Another option is to run another sendmail daemon configured to listen on a non-standard port with its own cf and access files and have the sender output to that port.
--
Richard
Richard wrote:
> Les Mikesell wrote:
>> On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
>>> Hi,
>>> I'm looking for a way, in sendmail, to set an access rule, saying:
>>> Accept messages for domain.com only from this IP address.
>>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>>> Any ideas?
>> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
> Another option is to run another sendmail daemon configured to listen on a non-standard port with its own cf and access files and have the sender output to that port.
That is a good idea, I'll see if I can do that in this specific situation. Other ideas welcome :).
Thanks
Ugo
On 31/08/06, Ugo Bellavance <ugob@camo-route.com> wrote:
> Richard wrote:
>> Les Mikesell wrote:
>>> On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
>>>> Hi,
>>>> I'm looking for a way, in sendmail, to set an access rule, saying:
>>>> Accept messages for domain.com only from this IP address.
>>>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>>>> Any ideas?
>>> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
>> Another option is to run another sendmail daemon configured to listen on a non-standard port with its own cf and access files and have the sender output to that port.
> That is a good idea, I'll see if I can do that in this specific situation. Other ideas welcome :).
Working on from Richard's idea, run a separate daemon but on standard ports and bound to an aliased IP and configure that Sendmail instance to only allow SMTP to/from your customer. You could firewall that IP too so only traffic to/from the customer was allowed.
The advantage there being minimal disruption to the end-user and you can set up specific DNS records for {mail,smtp,pop}.customerdomain.tld pointing to the aliased IP.
Will.
Les Mikesell wrote:
> On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
>> Hi,
>> I'm looking for a way, in sendmail, to set an access rule, saying:
>> Accept messages for domain.com only from this IP address.
>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>> Any ideas?
> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
Thanks for the idea, but not really practical in our situation... The solution would have to be implemented using actual software, so I must be able to do it in Sendmail.
Regards,
Ugo
On Thu, 2006-08-31 at 13:57 -0400, Ugo Bellavance wrote:
>>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
> Thanks for the idea, but not really practical in our situation... The solution would have to be implemented using actual software, so I must be able to do it in Sendmail.
I think something got lost in the translation there. Isn't MimeDefang actual software? If it has to be done inside of sendmail you'll need a custom ruleset. The O'Reilly 'bat' book would be a good place to start.
Les Mikesell wrote:
> On Thu, 2006-08-31 at 13:57 -0400, Ugo Bellavance wrote:
>>>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>>> It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win.
>> Thanks for the idea, but not really practical in our situation... The solution would have to be implemented using actual software, so I must be able to do it in Sendmail.
> I think something got lost in the translation there. Isn't MimeDefang actual software? If it has to be done inside of sendmail you'll need a custom ruleset. The O'Reilly 'bat' book would be a good place to start.
Thanks, I'll have a look at my bat book. By "actual software", I guess I was more meaning "current software", i.e. I don't want to install another package to do the job.
Regards,
Ugo
Ugo Bellavance wrote:
> Hi,
> I'm looking for a way, in sendmail, to set an access rule, saying:
> Accept messages for domain.com only from this IP address.
> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
> Any ideas?
> Regards,
> Ugo
Just add a LOCAL_RULESET to sendmail.mc. Not that hard to realize.
Alexander
Alexander Dalloz wrote:
> Ugo Bellavance wrote:
>> Hi,
>> I'm looking for a way, in sendmail, to set an access rule, saying:
>> Accept messages for domain.com only from this IP address.
>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>> Any ideas?
>> Regards,
>> Ugo
> Just add a LOCAL_RULESET to sendmail.mc. Not that hard to realize.
> Alexander
Any real example or pointer to a tutorial?
Regards,
Ugo
Ugo Bellavance wrote:
> Hi,
> I'm looking for a way, in sendmail, to set an access rule, saying:
> Accept messages for domain.com only from this IP address.
> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
> Any ideas?
Yes, add a lookup to check sending host ip against domain and add some rules to check. This has been tested in sendmail ruleset testing mode only...you probably want to run some tests of your own.
eg: your sendmail is configured to relay for example.org.
Add a domainip berkeley db. example.org 192.168.10.4 in domainip
Add a map to sendmail.cf (after access map in this example)
# Access list database (for spam stomping)
Kaccess hash -T<TMPF> -o /etc/mail/access.db
# Domain ip list
Kdomainip hash /etc/mail/domainip.db
# Configuration version number
DZ8.13.1
Add rules to check sending host ip (client_addr) against domain. Put the four missing lines in your Local_check_rcpt ruleset. You cannot just copy and paste from this mail. Put a tab/tabs between the $: and $#error and the > character of each line
######################################################################
###  check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################
SLocal_check_rcpt
R< $- @ $* >          $: < $(domainip $2 $: ? $) >
R<$&{client_addr}>    $: OK
R<?>                  $: OK
R<$*>                 $#error $@ 5.7.1 $: "550 Relaying denied"
Scheck_rcpt
R$*                   $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*           $#$2
R$* $| $*             $@ $>"Basic_check_rcpt" $1
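An added Python model of the four Local_check_rcpt rules in the message above (not part of the original post, and not sendmail itself), for seeing which RCPT arguments would reach the $#error rule before trying them in ruleset testing mode. The tokenizer assumes sendmail's default OperatorChars; the function names, the sample map and the local="$+" variant are hypothetical.

```python
import re

# Constructed sample map, mirroring the "example.org 192.168.10.4" entry in the post.
DOMAINIP = {"example.org": "192.168.10.4"}
# Assumption: sendmail's default OperatorChars, plus the always-special < and >.
OPS = re.escape(".:%@!^/[]+<>")
TOKEN = re.compile(rf"[{OPS}]|[^{OPS}\s]+")


def tokens(text):
    """Split text roughly the way sendmail tokenizes the workspace."""
    return TOKEN.findall(text)


def local_check_rcpt(rcpt, client_addr, domainip=DOMAINIP, local="$-"):
    """Return 'REJECT' for the $#error rule, else 'PASS' (on to Basic_check_rcpt).

    local="$-" models the rules as posted (local part is exactly one token);
    local="$+" is a hypothetical variant where it may span several tokens.
    """
    ws = tokens(rcpt)
    bracketed = len(ws) >= 2 and ws[0] == "<" and ws[-1] == ">"
    at = None
    if bracketed and local == "$-" and ws[2:3] == ["@"]:
        at = 2
    elif bracketed and local == "$+" and "@" in ws[2:-1]:
        at = ws.index("@", 2)
    # R< $- @ $* >   $: < $(domainip $2 $: ? $) >
    if at is not None:
        # Hash maps fold keys to lower case unless -f is given on the K line.
        domain = "".join(ws[at + 1:-1]).lower()
        ws = ["<"] + tokens(domainip.get(domain, "?")) + [">"]
    # R<$&{client_addr}>  $: OK    and    R<?>  $: OK
    if ws == ["<"] + tokens(client_addr) + [">"] or ws == ["<", "?", ">"]:
        return "PASS"
    # R<$*>  $#error $@ 5.7.1 $: "550 Relaying denied"
    return "REJECT" if bracketed else "PASS"


if __name__ == "__main__":
    for rcpt, ip in [("<user@example.org>", "192.168.10.4"),
                     ("<user@example.org>", "10.0.0.9"),
                     ("<user@other.net>", "10.0.0.9"),
                     ("<first.last@other.net>", "10.0.0.9")]:
        print(rcpt, ip, local_check_rcpt(rcpt, ip))
```

In this model a recipient such as `<first.last@other.net>` falls through to the final rule and is rejected, because `$-` matches exactly one token; confirm the behaviour against a real sendmail in ruleset testing mode before deploying.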
Feizhou wrote:
> Ugo Bellavance wrote:
>> Hi,
>> I'm looking for a way, in sendmail, to set an access rule, saying:
>> Accept messages for domain.com only from this IP address.
>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
>> Any ideas?
> Yes, add a lookup to check sending host ip against domain and add some rules to check. This has been tested in sendmail ruleset testing mode only...you probably want to run some tests of your own.
> eg: your sendmail is configured to relay for example.org.
> Add a domainip berkeley db. example.org 192.168.10.4 in domainip
> Add a map to sendmail.cf (after access map in this example)
> # Access list database (for spam stomping)
> Kaccess hash -T<TMPF> -o /etc/mail/access.db
> # Domain ip list
> Kdomainip hash /etc/mail/domainip.db
> # Configuration version number
> DZ8.13.1
> Add rules to check sending host ip (client_addr) against domain. Put the four missing lines in your Local_check_rcpt ruleset. You cannot just copy and paste from this mail. Put a tab/tabs between the $: and $#error and the > character of each line
Probably easier, update /etc/hosts.{allow,deny} and/or update your firewall to block the port from undesirables.
>>> I'm looking for a way, in sendmail, to set an access rule, saying:
>>> Accept messages for domain.com only from this IP address.
>>> I did some research yesterday, but could only find a way to restrict by IP for all domains managed by sendmail.
<snip>
>> Add rules to check sending host ip (client_addr) against domain. Put the four missing lines in your Local_check_rcpt ruleset. You cannot just copy and paste from this mail. Put a tab/tabs between the $: and $#error and the > character of each line
> Probably easier, update /etc/hosts.{allow,deny} and/or update your firewall to block the port from undesirables.
How, may I ask, do you suggest providing the logic needed to intelligently block connections as necessary?
I don't see what is so hard about adding a few lines to sendmail.cf and making sure they are added properly and here the only requirement is that there is at least one tab between the LHS and RHS of the ruleset lines. Or maybe you did not read what the OP wanted to achieve at the top.