| Deutsch English Français Italiano |
|
<vmvv7n$27cfe$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: none <hzcnjkx656@tormails.com>
Newsgroups: comp.mail.sendmail
Subject: Re: auth relay limitting
Date: Fri, 24 Jan 2025 12:57:42 +0100
Organization: A noiseless patient Spider
Lines: 83
Message-ID: <vmvv7n$27cfe$1@dont-email.me>
References: <vmqqat$10s5g$1@dont-email.me> <vmr99t$5m2$1@news.misty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 24 Jan 2025 12:57:44 +0100 (CET)
Injection-Info: dont-email.me; posting-host="b245ddde0a632d1fb8d1f9f30dd00bc5";
logging-data="2339310"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+SZnEBgsQEJ1Bmk+YNGqWWdnbvMJSGtP+q9+xqCuv34w=="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:vDNNXt64DJv3QezMp5FW1Xw1bu8=
Content-Language: en-GB
In-Reply-To: <vmr99t$5m2$1@news.misty.com>
Bytes: 4068
>> Currently when a user is authenticated it can send messages with any
>> From (and envelope ?). I would like to limit this to only addresses
>> that the user is configured to receive on.
>>
>> How would I go about implementing such a thing?
>
> A custom ruleset.
>
> You might find some examples on "the 'net".
>
> Otherwise look at doc/op/op.* about rulesets and macros, esp.
> 5.1.4.2. check_mail (and cf/README about Local_*)
> ${auth_authen}
> The client's authentication credentials as deter-
> mined by authentication (only set if successful).
>
I found this
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html
The features described above make use of the check_relay, check_mail,
and check_rcpt rulesets. If you wish to include your own checks, you can
put your checks in the rulesets Local_check_relay, Local_check_mail, and
Local_check_rcpt. For example if you wanted to block senders with all
numeric usernames (i.e. 2312343@bigisp.com), you would use
Local_check_mail and the regex map:
LOCAL_CONFIG
Kallnumbers regex -a@MATCH ^[0-9]+$
LOCAL_RULESETS
SLocal_check_mail
# check address against various regex checks
R$* $: $>Parse0 $>3 $1
R$+ < @ bigisp.com. > $* $: $(allnumbers $1 $)
R@MATCH $#error $: 553 Header Error
But how do I go about changing this in looking up all the auth's email
addresses? I think I even use different cluster name because the
incomming is different from the outgoing so that is a separate issue to
solve.
dn: sendmailMTAKey=example@example.com..........
sendmailMTAMapValue: usertest
objectClass: sendmailMTA
objectClass: sendmailMTAMap
objectClass: sendmailMTAMapObject
objectClass: ritAdditionalInfo
sendmailMTAMapName: virtuser
sendmailMTACluster: mail
structuralObjectClass: sendmailMTAMapObject
I only have README.cf that mentions these, and all related to rcpt not
sender.
[sendmail]# egrep 'auth_authen|check_mail' * -r
README.cf:delay_checks The rulesets check_mail and check_relay will not
be called
README.cf:The features described above make use of the check_relay,
check_mail,
README.cf:Local_check_relay, Local_check_mail, and Local_check_rcpt. For
README.cf:(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
README.cf: SLocal_check_mail
README.cf:By using FEATURE(`delay_checks') the rulesets check_mail and
check_relay
README.cf:If check_mail returns an error then the RCPT TO command will
be rejected
README.cf:friend the exception. The rulesets check_mail and check_relay
will be
README.cf:check_mail and check_relay and make a SPAM hater the
exception. The
README.cf:has been issued, and from check_mail. The parameter is the
value of
README.cf:The macros ${auth_authen}, ${auth_author}, and ${auth_type} can be
README.cf:R$* $: $&{auth_type} $| $&{auth_authen}
README.cf: [i, {auth_type},
{auth_authen},
README.cf: R$* $: $&{auth_authen}