From: "Ted Mittelstaedt"
To: "ian j hart"
Subject: RE: Sendmail and Identd
Date: Sun, 18 Feb 2001 10:02:11 -0800

What about installing IMP or other web interface and forcing the students
that aren't savvy enough to know how to use their mail client properly to
use that instead? This allows you to centralize all administration on the
mail clients to in effect the central mailserver, and in addition allows
the students to check mail from any browser.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of ian j hart
> Sent: Sunday, February 18, 2001 8:06 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: Sendmail and Identd
>
>
> Not strictly FreeBSD this one, but I can't find anything on
> comp.mail.sendmail.
> deja->google(cannot post)
>
> Background: A feature of Win95 + IE5 + roving profiles means that some
> users may get the default mail profile when they log on. In effect
> this results in random spoofing of mail. This is the mail system for a
> school, so I cannot rely on the users spotting the error.
>
> What I need is to add a *sanity check* to the internal mail hub. I have
> an identd server I can run in the clients' NT logon script.
>
> I've had a look at writing a check_* rule ( Is $g == $_? ), but it
> doesn't seem that you can _compare_ two values.
>
> I wrote/stole some code for checkcompat() which almost works okay. The
> problem with this is that the mail is already accepted. Ideally I need
> the transaction to fail *before* delivery so the users get an error
> message. A logoff/logon will usually fix the problem.
>
> I had a look at SASL but I can't get it to work. In any case this means
> all the users (kids remember) changing their mailer settings.
>
> Can any sendmail experts offer any sage advice?
>
> Notes:
> o Can you please CC me as the volume on stable is enough for my poor
>   (home) modem.
> o Ditching '95 is not an option ;)
> o Reverting to OE4 would have to wait until the summer
> o It's half-term here, so now is the time to fix it.
> o I'm masquerading, including envelope.
> o Received mail is via IMAP
>
> This will wrap - sorry
>
> int
> checkcompat(to, e)
>         register ADDRESS *to;
>         register ENVELOPE *e;
> {
>         char *ident, *at;
>         ptrdiff_t len;
>         static char old_name[MAXHOSTNAMELEN];
>
>         if (tTd(49, 1))
>                 dprintf("checkcompat(to=%s, from=%s)\n",
>                         to->q_paddr, e->e_from.q_paddr);
>
>         if ((ident = macvalue('_', e)) == NULL)
>                 return(EX_OK);
>         if (strncasecmp(ident, old_name, MAXHOSTNAMELEN - 1) == 0)
>                 return(EX_OK);
>         else
>                 (void)sprintf(old_name, "%.*s", MAXHOSTNAMELEN - 1, ident);
>
>         /* pass if no identd */
>         if ((at = strchr(ident, '@')) == NULL)
>                 return(EX_OK);
>         else
>                 len = at - ident;       /* safe? */
>
>         if (strncasecmp(e->e_from.q_user, ident, len) != 0)
>         {
>                 /*
>                    This is WRONG. We know the sender is a spoof.
>                    OTOH the 'real user' may not be reading their mail.
>                    Especially if their settings are == default user
>                 */
>                 auth_warning(e, "$g=%s doesn't match $_=%s",
>                         e->e_from.q_user, ident);
>                 usrerr("553 Your email settings are incorrect");
>                 e->e_flags |= EF_NO_BODY_RETN;  /* to suppress body on return */
>                 to->q_status = "5.7.1";
>                 return EX_UNAVAILABLE;
>         }
>         return EX_OK;
> }
>
> TIA
>
> --
> ianjhart
> ICT Technician.
> Cardinal Newman School.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
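
The $g against $_ comparison discussed in the quoted message, as a standalone added example (not code from the thread and not part of sendmail). It assumes $_ reads "user@host [addr]" when identd answered and "host [addr]" otherwise, and it requires the ident user to equal the sender's local part exactly rather than as a prefix. The function name, enum and sample values are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Result of comparing the envelope sender with the ident reply. */
enum ident_verdict { IDENT_MATCH, IDENT_ABSENT, IDENT_MISMATCH };

/*
 * sender: local part of the envelope sender (what the thread calls $g).
 * ident:  validated client string (what the thread calls $_), assumed to be
 *         "user@host [addr]" when identd answered, "host [addr]" otherwise.
 * Hypothetical helper, not a sendmail function.
 */
enum ident_verdict
sender_matches_ident(const char *sender, const char *ident)
{
    const char *at;
    size_t len;

    /* No ident string, or no '@' in it: nothing to compare against. */
    if (ident == NULL || (at = strchr(ident, '@')) == NULL)
        return IDENT_ABSENT;
    if (sender == NULL)
        return IDENT_MISMATCH;

    len = (size_t)(at - ident);     /* at >= ident, so never negative */

    /* An empty ident user cannot vouch for any sender. */
    if (len == 0)
        return IDENT_MISMATCH;

    /* Lengths must agree, or ident "ann" would be accepted for "anna". */
    if (strlen(sender) != len)
        return IDENT_MISMATCH;

    return strncasecmp(sender, ident, len) == 0 ? IDENT_MATCH
                                                : IDENT_MISMATCH;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *ident = "Ann@pc12.example [192.0.2.7]";

    return sender_matches_ident("ann", ident) == IDENT_MATCH ? 0 : 1;
}
```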