[Mimedefang] OffTopic : Need some sendmail help (access configs)

Matthew Hall matt at angui.sh
Mon Dec 20 13:07:39 EST 2004


> Either we talked on Lily earlier this week, or this
> is a remarkable coincidence.

Possibly. I have no real mapping of lilyhandle = person, but
since I recall this as well, it was probably on lily. :)
I wanted to write this out longhand, since on lily it is difficult
to present an entire idea.

> First, you will have to do the blocking by class A subnets.
>
>  1 550 Access denied
>  2 550 Access denied
>  ...
>  255 550 Access denied
>
> The sendmail access file has no regular expressions.  Instead,
> sendmail.cf defines rules which look up specific IP or domains,
> followed by less specific networks and domains.  So, just write
> a quick perl/ph/C/whatever program to generate the block list.

OK, so access will reject all networks, BUT, because we enable
delay_checks, that gets delayed long enough to hit the

spam:@ourdomain FRIEND

and be accepted for relay to our smart host? That spam rule
looks for To:@ourdomain, not From:@ourdomain, right?

> Second, have you tried "FEATURE(`delay_checks', `friend')"?
>
> This would let you define a rule such as:
>
>  spam:@ourdomain FRIEND
>
> to allow email to users in @ourdomain, even though they would
> be rejected otherwise.  (You may also need to add the IP addresses
> of connecting machines.)

But if I'm rejecting all class A's via above, what is this for?
I would then have to re-add several C's ... if I add those C's,
would they still be subject to the spam: rule, or will they
pass through?

> Alternatively, if you know who the email is destined for
> you can use the userdb to keep a list of maildrops.  As

Nope. There will be over 13K possible addresses that
@ourdomain will cover.

> an administrator of a "theirmailer" (but, not this particular
> "theirmailer" machine) machine, I would prefer this solution
> since it keeps the junk off of our machine.  (For example,
> if a spammer finds you and starts sending undeliverable email
> to our.domain, "theirmachine" will get stuck with all the
> undeliverable email, subsequent postmaster bounces.)

Irrelevant, because ourmailer is "internal". Only their
mailer has world visibility.

Sendmail is irritating. To bring this back "On Topic", is what
I'm attempting better done in mimedefang with a simple filter
to check the To: via a fairly simple regexp? Or do you think
this is doable through sendmail without incurring the extra
overhead of mdf?

-- 
It's always September somewhere on the 'net. | http://angui.sh
Another proud member of Eep's killfile.      | Unix Sys. Admin.
All projects approach the ghetto, some       |
faster than others.                          | matt at angui.sh


