Deutsch English Français Italiano |
<vmvv7n$27cfe$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: none <hzcnjkx656@tormails.com> Newsgroups: comp.mail.sendmail Subject: Re: auth relay limitting Date: Fri, 24 Jan 2025 12:57:42 +0100 Organization: A noiseless patient Spider Lines: 83 Message-ID: <vmvv7n$27cfe$1@dont-email.me> References: <vmqqat$10s5g$1@dont-email.me> <vmr99t$5m2$1@news.misty.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 24 Jan 2025 12:57:44 +0100 (CET) Injection-Info: dont-email.me; posting-host="b245ddde0a632d1fb8d1f9f30dd00bc5"; logging-data="2339310"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+SZnEBgsQEJ1Bmk+YNGqWWdnbvMJSGtP+q9+xqCuv34w==" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:vDNNXt64DJv3QezMp5FW1Xw1bu8= Content-Language: en-GB In-Reply-To: <vmr99t$5m2$1@news.misty.com> Bytes: 4068 >> Currently when a user is authenticated it can send messages with any >> From (and envelope ?). I would like to limit this to only addresses >> that the user is configured to receive on. >> >> How would I go about implementing such a thing? > > A custom ruleset. > > You might find some examples on "the 'net". > > Otherwise look at doc/op/op.* about rulesets and macros, esp. > 5.1.4.2. check_mail (and cf/README about Local_*) > ${auth_authen} > The client's authentication credentials as deter- > mined by authentication (only set if successful). > I found this https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html The features described above make use of the check_relay, check_mail, and check_rcpt rulesets. If you wish to include your own checks, you can put your checks in the rulesets Local_check_relay, Local_check_mail, and Local_check_rcpt. For example if you wanted to block senders with all numeric usernames (i.e. 2312343@bigisp.com), you would use Local_check_mail and the regex map: LOCAL_CONFIG Kallnumbers regex -a@MATCH ^[0-9]+$ LOCAL_RULESETS SLocal_check_mail # check address against various regex checks R$* $: $>Parse0 $>3 $1 R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $) R@MATCH $#error $: 553 Header Error But how do I go about changing this in looking up all the auth's email addresses? I think I even use different cluster name because the incomming is different from the outgoing so that is a separate issue to solve. dn: sendmailMTAKey=example@example.com.......... sendmailMTAMapValue: usertest objectClass: sendmailMTA objectClass: sendmailMTAMap objectClass: sendmailMTAMapObject objectClass: ritAdditionalInfo sendmailMTAMapName: virtuser sendmailMTACluster: mail structuralObjectClass: sendmailMTAMapObject I only have README.cf that mentions these, and all related to rcpt not sender. [sendmail]# egrep 'auth_authen|check_mail' * -r README.cf:delay_checks The rulesets check_mail and check_relay will not be called README.cf:The features described above make use of the check_relay, check_mail, README.cf:Local_check_relay, Local_check_mail, and Local_check_rcpt. For README.cf:(i.e. 2312343@bigisp.com), you would use Local_check_mail and the README.cf: SLocal_check_mail README.cf:By using FEATURE(`delay_checks') the rulesets check_mail and check_relay README.cf:If check_mail returns an error then the RCPT TO command will be rejected README.cf:friend the exception. The rulesets check_mail and check_relay will be README.cf:check_mail and check_relay and make a SPAM hater the exception. The README.cf:has been issued, and from check_mail. The parameter is the value of README.cf:The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be README.cf:R$* $: $&{auth_type} $| $&{auth_authen} README.cf: [i, {auth_type}, {auth_authen}, README.cf: R$* $: $&{auth_authen}