[Mimedefang] Limiting delivery by *nix group
Jeff Rife
mimedefang at nabs.net
Fri Oct 1 01:09:59 EDT 2004
On 30 Sep 2004 at 16:27, Jason Gurtz wrote:
> Are you getting your users via LDAP?
No.
On 30 Sep 2004 at 13:51, Matthew.van.Eerde at hbinc.com wrote:
> We do something similar. Instead of checking from MIMEDefang, we
> have a cron.hourly job query the AD server using LDAP, and build a
> sendmail /etc/mail/access file (and hash it as well.)
We query the Active Directory live using winbind integrated into
/etc/nsswitch.conf:
    passwd: files winbind
    group:  files winbind
This makes checks by sendmail that think they only look at /etc/passwd
for user info actually have "ghost" entries created on the fly by
winbind.
This works well for SMTP AUTH, because I merely add to
/etc/pam.d/smtp.sendmail:
    auth requisite pam_succeed_if.so user ingroup smtp-users
I can create any number of groups and restrict logins using PAM and
this same technique to have "ftp-users", "pop3-users",
"www-private-users", etc. There isn't any way like this that makes the
actual account invisible to sendmail, though.
I guess I was just asking if there was an already written Perl function
that does something like is_user_in_group()?
--
Jeff Rife | "When I first heard that Marge was joining the
SPAM bait: | police academy, I thought it would be fun and
AskDOJ at usdoj.gov | zany, like that movie: Spaceballs. But instead
spam at ftc.gov | it was dark and disturbing, like that movie:
| Police Academy."
| -- Homer Simpson
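
One way to write the group check asked about above, as an added example that is not part of the original post or of MIMEDefang. The names is_user_in_group() and recipient_in_group() are hypothetical; the lookups use Perl's built-in getpwnam/getgrnam, which resolve through NSS and therefore see winbind entries when nsswitch.conf is set up as shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return 1 if $user belongs to $group, 0 otherwise (fails closed).
# getpwnam/getgrnam go through NSS, so winbind-provided accounts and
# groups are visible as long as nsswitch.conf lists winbind.
sub is_user_in_group {
    my ($user, $group) = @_;
    return 0 unless defined $user  && length $user;
    return 0 unless defined $group && length $group;

    # Unknown group or unknown user: deny rather than guess.
    my ($gname, undef, $gid, $members) = getgrnam($group);
    return 0 unless defined $gname;
    my ($pname, undef, undef, $primary_gid) = getpwnam($user);
    return 0 unless defined $pname;

    # Primary group membership lives in the passwd entry only; the
    # group's member list usually does not repeat it.
    return 1 if $primary_gid == $gid;

    # Supplementary membership: space-separated member list. Compare
    # against the canonical name NSS returned, not the caller's spelling.
    for my $m (split ' ', $members // '') {
        return 1 if $m eq $pname;
    }
    return 0;
}

# Reduce an envelope recipient such as "<jdoe@example.com>" to its
# local part and test it against the group (hypothetical helper).
sub recipient_in_group {
    my ($rcpt, $group) = @_;
    (my $local = $rcpt // '') =~ s/^<|>$//g;
    $local =~ s/\@.*$//;
    return is_user_in_group($local, $group);
}

# Demonstration using the invoking account, so it runs on any Unix host.
unless (caller) {
    my $me  = getpwuid($<);
    my $grp = getgrgid((getpwnam($me))[3]);
    printf "%s in %s: %d\n", $me, $grp, is_user_in_group($me, $grp);
    printf "%s in no-such-group-xyz: %d\n", $me,
        is_user_in_group($me, 'no-such-group-xyz');
    printf "<%s\@example.com> in %s: %d\n", $me, $grp,
        recipient_in_group("<$me\@example.com>", $grp);
}
```

Large directories can make the member-list lookup slow, so a filter calling this per recipient may want to cache results for a short time.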