[Mimedefang] Limiting delivery by *nix group

Matthew.van.Eerde at hbinc.com
Thu Sep 30 16:51:13 EDT 2004


Jeff Rife wrote:
> I posted this to the sendmail newsgroup and got an answer that uses
> sendmail rulesets.  Since I don't understand these as well as I
> understand Perl (since I'm a Perl beginner, that tells you how little I
> can deal with sendmail rules), I'd like a way to do this from within
> MIMEDefang.
>
> The need arose because our mail server gets its user list from Active
> Directory, but not every one of the users listed there should get
> e-mail (a good example is all the "machine" users).  I can easily put all
> the real e-mail users into an AD group which then maps to a *nix group.
> 
> So, all I need to do is check to see whether the user is in a
> particular group and, if not, return a "550 User unknown" status.
> 
> How would I do this from within MIMEDefang?
> 
> Thanks.

We do something similar.  Instead of checking from MIMEDefang, we have a cron.hourly job query the AD server using LDAP, and build a sendmail /etc/mail/access file (and hash it as well).

You could use Softerra's free LDAP browser as a tool to fine-tune your LDAP query, to restrict to a certain group.

There's up to an hour's latency from when an email address is created to when sendmail is accepted - but for us that's not a concern.

Matthew.van.Eerde at hbinc.com                      805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
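
The hourly job described in the reply above could generate its access entries along these lines. This is an added example, not the poster's script: the LDIF sample, group DN, domain and function names are constructed, and it assumes the access map is consulted for recipients through sendmail's `blacklist_recipients` feature.

```python
import re

# Constructed sample of LDIF text a cron job might capture from the directory.
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=com
sAMAccountName: alice
memberOf: CN=MailUsers,CN=Users,DC=example,DC=com

dn: CN=WS01,CN=Computers,DC=example,DC=com
sAMAccountName: WS01$

dn: CN=Bob Example,CN=Users,DC=example,DC=com
sAMAccountName: bob
memberOf: CN=Staff,CN=Users,DC=example,DC=com
"""

# Map keys must not contain whitespace, '@' or ':' (whitespace splits key from value).
SAFE_NAME = re.compile(r"[A-Za-z0-9._$-]+")

def parse_entries(ldif):
    """Yield (account, groups) per LDIF entry; entries are blank-line separated."""
    for block in re.split(r"\n\s*\n", ldif.strip()):
        account, groups = None, set()
        for line in block.splitlines():
            # Folded lines and base64 values ("attr:: ...") match no name below.
            attr, _, value = line.partition(": ")
            if attr == "sAMAccountName":
                account = value.strip()
            elif attr == "memberOf":
                groups.add(value.strip().lower())
        if account:
            yield account, groups

def build_access(ldif, mail_group_dn, domain):
    """Return (access_lines, skipped) rejecting accounts outside mail_group_dn."""
    lines, skipped = [], []
    wanted = mail_group_dn.lower()
    for account, groups in parse_entries(ldif):
        if wanted in groups:
            continue  # real mail user: no entry, delivery proceeds as usual
        if not SAFE_NAME.fullmatch(account):
            skipped.append(account)  # never write unvalidated text into the map
            continue
        lines.append(f"{account.lower()}@{domain}\tERROR:550 User unknown")
    return sorted(lines), skipped

if __name__ == "__main__":
    group = "CN=MailUsers,CN=Users,DC=example,DC=com"  # constructed group DN
    print("\n".join(build_access(SAMPLE_LDIF, group, "example.com")[0]))
```

The job would write these lines to a temporary file, hash it with `makemap`, and only then move it into place, logging anything returned in `skipped`.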


