[Mimedefang] Re: Sendmail config (slightly OT) (Ashley M. Kirchner)
Dirk the Daring
dirk at psicorps.org
Thu Jan 13 11:29:46 EST 2005
On Wed, 12 Jan 2005 Ashley M. Kirchner wrote:
>> OK, so what do you do if SOME of the addresses @pcraft.com need to go
>>to spool.pcraft.com and the rest need to go to otherserver.pcraft.com ?
>>
> I don't have that setup. All domains reside on one (respective)
>server (on other words, I don't have any domains split over multiple
Thanks for continuing on this thread.
Unfortunately, I do have that setup. Else this would be simpler - use
mailertable and be done with it. But instead I need to use
virtusertable AND mailertable.
>>> /etc/mail/relay-domains
>>> Contains every single domain hosted across our entire network
>>>
>> The problem here is that I lose the ability to blacklist by recipient
>>in /etc/mail/access
>>
> No you don't. I have individual recipient blocked in my
>/etc/mail/access file and it works just fine. access gets read after
>relay-domains.
That's not what I'm reading, altho you can tell me if I am
misinterpreting anything. Note that I am using FEATURE(`delay_checks')
which causes check_rcpt to be called before check_mail and
check_relay, as described on the Sendmail website at
http://www.sendmail.org/m4/anti_spam.html
Anyway, in the Bat Book, Chap 7.1.3 (page 292), its says that
check_rcpt rejects empty RCPT: values, then checks to see if the
envelope-recipient address is one that is allowed to be relayed.
Presumably, this is where Class {R} is consulted, so if I use Class {R},
this will permit relaying. The access database has not been checked at
this point.
I'm unclear as to, if relaying is permitted by the envelope-recipient
address check, if the access db is consulted next, but let's suppose
that it is. According to the bat book, check_rcpt looks up the HOST to
see if relaying is allowed, and then finally looks up the
envelope-recipient.
Again, I'm not clear as to the order of precedence: for example, if
the access db host check results in a REJECT but the envelope-recipient
address check in the same place results in RELAY, what is the result? Or
does check_rcpt return on the first match, meaning that if the second
check (envelope-recipient address allowed to be relayed?) results in a
RELAY, there are no futher checks? Also, if any result $# is returned by
check_rcpt, check_relay isn't called at all.
Finally, during my testing, I was unable to get access db entries to
be effective while I had defined Class {R}. And Jan Pieter Cornet (who
also replied in this thread) regards Class {R} as "evil". :-)
More information about the MIMEDefang
mailing list