[Mimedefang] Sendmail config (slightly OT)

[Sven Willenberger]

On Tue, 2005-01-11 at 10:59 -0500, Dirk the Daring wrote:
>    Hello, MIMEdefang gurus. I'm setting up a mail relay to which I'll be
> adding MIMEdefang, SpamAssassin and ClamAV. However, I'm running into
> some problems with the sendmail config, and I hope someone on here can
> help me iron this out, so I can progress on to the other installs and
> get MD and SA running. Obviously, I want to have sendmail 100%
> configured before progressing on.
> 
<snip>
> 
>    So, my questions to the sendmail gurus in this forum are:
> 
> 	1) Is there any definitive listing of what tables are
> 		consulted in what order and when during the
> 		sendmail mail-handling process?
> 
> 	2) How can I host multiple Domains on a relay without
> 		being forced to add the Domains to /etc/access
> 		(thus bypassing some checks), or adding them
> 		to Class {R} (thus bypassing practically all
> 		checks aside from RBLs), or adding them
> 		to Class {w} (thus breaking mailertable); while
> 		still retaining the ability to selectively route
> 		E-Mail and selectively blacklist recipients and/or
> 		senders? Right now, I've added the Domains to
> 		/etc/mail/access with the RELAY action.
> 
> 	3) Does anyone know, for sure, how sendmail looks up
> 		entries in its tables? That is, does it stop once
> 		it find the first matching key (which is the way
> 		I'd do it), or does it have some sort of resolution
> 		mechanism for when multiple keys in, say,
> 		/etc/mail/access, match? I can't find a definitive
> 		answer to this question in any online or printed docs.
> 
> 	4) I'd like to blacklist certain TO: addresses for ALL
> 		Domains I host, without having to make an entry
> 		in /etc/mail/access for each address in each Domain
> 		(e.g. BLAddrX at Domain1.com, BLAddrY at Domain2.com,
> 		BLAddrZ at Domain, etc). However, it seems that I can't
> 		do that without listing all the Domains in
> 		/etc/mail/local-host-names (Class {w}), which breaks
> 		mailertable. Also, since there is NO local delivery,
> 		I shouldn't be using /etc/mail/local-host-names at
> 		all, should I?
> 
I cannot address all of your points but I can share what I have done
regarding a distantly related setup. Using sendmail 8.13.x I have set up
relay-domains to define those domains that are "accepted" by the
mailserver, mailertable to tell which host the mail gets relayed to
depending on the virtual host specified, delay_checks and
blacklist_recipients are defined in my .mc file, and I use the access
file to control users:

a) relay-domains:
domainA
domainB

b) mailertable:
domainA		relay:[host1.mydomain.tld]
domainB		relay:[host2.mydomain.tld]

c) access:
TO:domainA		REJECT
TO:domainB		REJECT
TO:me at domainA		OK
TO:him at domainA		OK
TO:her at domainB		OK
TO:them at domainB		OK
SPAM:me at domainA		FRIEND


>From how our system works, I can infer that delay_checks causes sendmail
to do a lookup in access first. A REJECT will do that .. an OK will
allow sendmail to continue processing the mail. In this case, unless a
user is specifically listed in the access table, mail is blocked with a
standard 550 ERROR: Mailbox Disabled for this recipient.

>From there, it looks at relay-domains to verify this domain is allowed
email. If so, then it refers to mailertable to send the mail off.
Naturally, in my example, host1 and host2 are configured to accept mail
for the domains being relayed to them. The only thing that I do not have
is a virtuser rewrite wherein domainA is mapped to a different host. 

Hopefully this will help shed a little light on to how to get your setup
running.

Sven Willenberger
Systems Administration
Delmarva Online, Inc.