[Mimedefang] Re: Sendmail config (slightly OT) (Ashley M. Kirchner)

Dirk the Daring dirk at psicorps.org
Thu Jan 13 11:29:46 EST 2005


On Wed, 12 Jan 2005 Ashley M. Kirchner wrote:

>>   OK, so what do you do if SOME of the addresses @pcraft.com need to go
>>to spool.pcraft.com and the rest need to go to otherserver.pcraft.com ?
>>
>    I don't have that setup.  All domains reside on one (respective)
>server (on other words, I don't have any domains split over multiple

   Thanks for continuing on this thread.

   Unfortunately, I do have that setup. Else this would be simpler - use
mailertable and be done with it. But instead I need to use
virtusertable AND mailertable.

>>>       /etc/mail/relay-domains
>>>          Contains every single domain hosted across our entire network
>>>
>>   The problem here is that I lose the ability to blacklist by recipient
>>in /etc/mail/access
>>
>    No you don't.  I have individual recipient blocked in my
>/etc/mail/access file and it works just fine.  access gets read after
>relay-domains.

  That's not what I'm reading, altho you can tell me if I am
misinterpreting anything. Note that I am using FEATURE(`delay_checks')
which causes check_rcpt to be called before check_mail and
check_relay, as described on the Sendmail website at
http://www.sendmail.org/m4/anti_spam.html

  Anyway, in the Bat Book, Chap 7.1.3 (page 292), its says that
check_rcpt rejects empty RCPT: values, then checks to see if the
envelope-recipient address is one that is allowed to be relayed.
Presumably, this is where Class {R} is consulted, so if I use Class {R},
this will permit relaying. The access database has not been checked at
this point.

  I'm unclear as to, if relaying is permitted by the envelope-recipient
address check, if the access db is consulted next, but let's suppose
that it is. According to the bat book, check_rcpt looks up the HOST to
see if relaying is allowed, and then finally looks up the
envelope-recipient.

  Again, I'm not clear as to the order of precedence: for example, if
the access db host check results in a REJECT but the envelope-recipient
address check in the same place results in RELAY, what is the result? Or
does check_rcpt return on the first match, meaning that if the second
check (envelope-recipient address allowed to be relayed?) results in a
RELAY, there are no futher checks? Also, if any result $# is returned by
check_rcpt, check_relay isn't called at all.

  Finally, during my testing, I was unable to get access db entries to
be effective while I had defined Class {R}. And Jan Pieter Cornet (who
also replied in this thread) regards Class {R} as "evil". :-)



More information about the MIMEDefang mailing list