scuba at centroin.com.br scuba at centroin.com.br
Wed Oct 26 10:04:23 EDT 2005

Hi all,

	Hitchhiking the thread, how can I use the access.db to create a 
"deny all" rule?
	I want to allow only my relays to deliver mail to an internal 
	Something like this:

Connect:mail1.domain.com	RELAY
Connect:mail2.domain.com	RELAY
Connect:<everything_else>	REJECT

- Marcelo


On Tue, 11 Oct 2005, Sven Willenberger wrote:

|On Thu, 2005-10-06 at 13:08 -0400, Frank Marsolais wrote:
|> >"Martin J. Dellwo" wrote:
|> >> >
|> >> I have implemented an access.db with FEATURE(`access') in sendmail, with
|> >> lots of 'To:<someword>@domain.com  REJECT' lines to block unknown users
|> >> (or currently unknown but former users).  Does this get checked before
|> >> or after MIMEDefang?  How would I distinguish this in the mail syslogs?
|> >> (I have pretty high logging level turned on).  If the user is unknown on
|> >> the system and would therefore be rejected anyway, am I gaining anything
|> >> by using the access.db?
|> >To blacklist a recipient, you must have the blacklist recipients feature
|> >enabled. If you have blacklist recipients enabled, it would get checked
|> >before MIMEDefang.
|> >If you really want to blacklist recipients, use the virtusertable -- it
|> >is MUCH simpler. In fact, we have found the easiest way to bounce email
|> >for any user that does not exist any longer is to list all valid users in
|> >the virtusertable, then create an entry such as:
|> >@ourdom.com ERROR:5.1.1:"550 No such user in domain ourdom.com"
|> >Or, you could explicitly reject a former user by:
|> >joe@ourdom.com ERROR:5.1.1:"550 Joe don't live here no more"
|Sendmail's default bounce message for blacklisted recipients is "Mailbox
|disabled for this recipient" when invoked from the access file. What we
|actually do is use blacklist_recipients and then create our access.db
|file to resemble:
|TO:ourdomain       REJECT
|TO:user1@ourdomain OK
|TO:user2@ourdomain OK
|TO:user3@ourdomain OK
|This is especially useful on inbound (MX) machines where the final users
|are not local to that machine (and where virtusertable would have to
|rewrite the username to have it be delivered to the next hop)
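Added example, not from anyone in this thread: a small model of how sendmail consults the access map for a RCPT address, to show why the quoted "TO:ourdomain REJECT" plus per-user "OK" layout works and where it does not. The lookup order it assumes (full address, then the host and each parent domain, then the bare local part) is my reading of the check_rcpt rulesets, and the access entries are a constructed copy of the ones quoted above.

```python
# Model of sendmail's access-map consultation for a recipient (assumed order:
# full address, then host and parent domains, then "user@").  Keys are
# case-folded, as makemap does by default.  This is an illustration of the
# precedence rules, not a transcript of sendmail.cf.

# Constructed sample, mirroring the access.db layout quoted in the thread.
ACCESS_SRC = """\
TO:ourdomain          REJECT
TO:user1@ourdomain    OK
TO:user2@ourdomain    OK
TO:user3@ourdomain    OK
"""

def parse_access(src):
    """Return the key -> value mapping makemap would build from the source."""
    db = {}
    for line in src.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        db[key.lower()] = value.strip()
    return db

def rcpt_lookup_keys(rcpt):
    """Keys tried for one recipient, most specific first (assumed order)."""
    local, _, host = rcpt.lower().partition("@")
    keys = ["to:%s@%s" % (local, host)]
    labels = host.split(".")
    # the host itself, then each parent domain: a.b.c -> b.c -> c
    keys += ["to:" + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append("to:%s@" % local)
    return keys

def rcpt_verdict(db, rcpt):
    """First matching access entry wins; None means no entry applied."""
    for key in rcpt_lookup_keys(rcpt):
        if key in db:
            return db[key]
    return None

ACCESS_DB = parse_access(ACCESS_SRC)

if __name__ == "__main__":
    for rcpt in ("user1@ourdomain", "nobody@ourdomain",
                 "user1@mail.ourdomain", "User2@OurDomain"):
        print(rcpt, "->", rcpt_verdict(ACCESS_DB, rcpt))
```

Note the third case: a host-qualified recipient such as user1@mail.ourdomain misses the full-address OK entry and falls through to the domain-level REJECT, so every address form that should be accepted needs its own OK line.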
