From: ian j hart
Date: Sun, 18 Feb 2001 16:05:49 +0000
To: freebsd-questions@FreeBSD.ORG
Subject: Sendmail and Identd
Message-ID: <3A8FF2DD.5F7C9DFD@freeloader.freeserve.co.uk>

Not strictly FreeBSD this one, but I can't find anything on
comp.mail.sendmail. deja->google (cannot post)

Background:

A feature of Win95 + IE5 + roving profiles means that some users may get
the default mail profile when they log on. In effect this results in
random spoofing of mail. This is the mail system for a school, so I
cannot rely on the users spotting the error.

What I need is to add a *sanity check* to the internal mail hub.

I have an identd server I can run in the clients' NT logon script.

I've had a look at writing a check_* rule ( Is $g == $_? ), but it
doesn't seem that you can _compare_ two values.

I wrote/stole some code for checkcompat() which almost works okay. The
problem with this is that the mail is already accepted. Ideally I need
the transaction to fail *before* delivery so the users get an error message.
A logoff/logon will usually fix the problem.

I had a look at SASL but I can't get it to work. In any case this means
all the users (kids remember) changing their mailer settings.

Can any sendmail experts offer any sage advice?

Notes:

o Can you please CC me as the volume on stable is enough for my poor
  (home) modem.
o Ditching '95 is not an option ;)
o Reverting to OE4 would have to wait until the summer
o It's half-term here, so now is the time to fix it.
o I'm masquerading, including envelope.
o Received mail is via IMAP

This will wrap - sorry

int
checkcompat(to, e)
	register ADDRESS *to;
	register ENVELOPE *e;
{
	char *ident, *at;
	ptrdiff_t len;
	static char old_name[MAXHOSTNAMELEN];

	if (tTd(49, 1))
		dprintf("checkcompat(to=%s, from=%s)\n",
			to->q_paddr, e->e_from.q_paddr);

	/* $_ is not set: nothing to check against */
	if ((ident = macvalue('_', e)) == NULL)
		return(EX_OK);

	/* same $_ as the previous call: already checked */
	if (strncasecmp(ident, old_name, MAXHOSTNAMELEN - 1) == 0)
		return(EX_OK);
	else
		(void)sprintf(old_name, "%.*s", MAXHOSTNAMELEN - 1, ident);

	/* pass if no identd */
	if ((at = strchr(ident, '@')) == NULL)
		return(EX_OK);
	else
		len = at - ident; /* safe? */

	/*
	 * The sender must equal the ident user exactly; the length test
	 * stops "bobby" from passing against an ident of "bob@host".
	 */
	if (strncasecmp(e->e_from.q_user, ident, len) != 0 ||
	    e->e_from.q_user[len] != '\0')
	{
		/*
		 * This is WRONG. We know the sender is a spoof.
		 * OTOH the 'real user' may not be reading their mail.
		 * Especially if their settings are == default user
		 */
		auth_warning(e, "$g=%s doesn't match $_=%s",
			e->e_from.q_user, ident);
		usrerr("553 Your email settings are incorrect");
		e->e_flags |= EF_NO_BODY_RETN; /* to suppress body on return */
		to->q_status = "5.7.1";
		return EX_UNAVAILABLE;
	}
	return EX_OK;
}

TIA

-- 
ianjhart
ICT Technician.
Cardinal Newman School.
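
The sender-versus-ident comparison from the message above, pulled out as a stand-alone function so the matching rule can be exercised without rebuilding sendmail. This is an added example, not code from the original post or from sendmail; the name ident_check(), the verdict enum and the assumed layout of the ident-derived string ("user@host [addr]" with an ident reply, "host [addr]" without) are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical verdicts for this example. */
enum ident_verdict { IDENT_ABSENT, IDENT_MATCH, IDENT_MISMATCH };

/*
 * Compare an envelope sender local part with the user name carried in
 * an ident-derived string. Assumed layout (not taken from the post):
 * "user@host [addr]" when ident answered, "host [addr]" when it did not.
 */
enum ident_verdict
ident_check(const char *sender_user, const char *ident)
{
	const char *at, *end;
	size_t len;

	if (sender_user == NULL || ident == NULL)
		return IDENT_ABSENT;

	/* Only search the first token, so an '@' appearing after the
	 * first space is not mistaken for the ident separator. */
	end = ident + strcspn(ident, " \t");
	at = memchr(ident, '@', (size_t)(end - ident));
	if (at == NULL || at == ident)
		return IDENT_ABSENT;	/* no ident user: nothing to compare */

	len = (size_t)(at - ident);

	/* Exact, case-insensitive match: same length and same characters.
	 * A bare strncasecmp() would accept "bobby" against "bob@pc12". */
	if (strlen(sender_user) != len ||
	    strncasecmp(sender_user, ident, len) != 0)
		return IDENT_MISMATCH;
	return IDENT_MATCH;
}
```

The identd in this setup runs on the client machine, so a match shows that the mailer profile agrees with the logon name that client reports; it is a sanity check, not authentication.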