Deutsch   English   Français   Italiano  
<vmvv7n$27cfe$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: none <hzcnjkx656@tormails.com>
Newsgroups: comp.mail.sendmail
Subject: Re: auth relay limitting
Date: Fri, 24 Jan 2025 12:57:42 +0100
Organization: A noiseless patient Spider
Lines: 83
Message-ID: <vmvv7n$27cfe$1@dont-email.me>
References: <vmqqat$10s5g$1@dont-email.me> <vmr99t$5m2$1@news.misty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 24 Jan 2025 12:57:44 +0100 (CET)
Injection-Info: dont-email.me; posting-host="b245ddde0a632d1fb8d1f9f30dd00bc5";
	logging-data="2339310"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+SZnEBgsQEJ1Bmk+YNGqWWdnbvMJSGtP+q9+xqCuv34w=="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:vDNNXt64DJv3QezMp5FW1Xw1bu8=
Content-Language: en-GB
In-Reply-To: <vmr99t$5m2$1@news.misty.com>
Bytes: 4068


>> Currently when a user is authenticated it can send messages with any
>>   From (and envelope ?). I would like to limit this to only addresses
>> that the user is configured to receive on.
>>
>> How would I go about implementing such a thing?
> 
> A custom ruleset.
> 
> You might find some examples on "the 'net".
> 
> Otherwise look at doc/op/op.* about rulesets and macros, esp.
> 5.1.4.2. check_mail   (and cf/README about Local_*)
> ${auth_authen}
>    The client's authentication credentials as deter-
>    mined by authentication (only set if successful).
> 

I found this
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html

  The features described above make use of the check_relay, check_mail, 
and check_rcpt rulesets. If you wish to include your own checks, you can 
put your checks in the rulesets Local_check_relay, Local_check_mail, and 
Local_check_rcpt. For example if you wanted to block senders with all 
numeric usernames (i.e. 2312343@bigisp.com), you would use 
Local_check_mail and the regex map:

LOCAL_CONFIG
Kallnumbers regex -a@MATCH ^[0-9]+$

LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$*				$: $>Parse0 $>3 $1
R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
R@MATCH				$#error $: 553 Header Error

But how do I go about changing this in looking up all the auth's email 
addresses? I think I even use different cluster name because the 
incomming is different from the outgoing so that is a separate issue to 
solve.

dn: sendmailMTAKey=example@example.com..........
sendmailMTAMapValue: usertest
objectClass: sendmailMTA
objectClass: sendmailMTAMap
objectClass: sendmailMTAMapObject
objectClass: ritAdditionalInfo
sendmailMTAMapName: virtuser
sendmailMTACluster: mail
structuralObjectClass: sendmailMTAMapObject



I only have README.cf that mentions these, and all related to rcpt not 
sender.

[sendmail]# egrep 'auth_authen|check_mail'  * -r
README.cf:delay_checks  The rulesets check_mail and check_relay will not 
be called
README.cf:The features described above make use of the check_relay, 
check_mail,
README.cf:Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
README.cf:(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
README.cf:      SLocal_check_mail
README.cf:By using FEATURE(`delay_checks') the rulesets check_mail and 
check_relay
README.cf:If check_mail returns an error then the RCPT TO command will 
be rejected
README.cf:friend the exception.  The rulesets check_mail and check_relay 
will be
README.cf:check_mail and check_relay and make a SPAM hater the 
exception.  The
README.cf:has been issued, and from check_mail.  The parameter is the 
value of
README.cf:The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
README.cf:R$*           $: $&{auth_type} $| $&{auth_authen}
README.cf:                                      [i, {auth_type}, 
{auth_authen},
README.cf:      R$*     $: $&{auth_authen}