From owner-freebsd-questions Fri Apr 25 11:01:22 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA01237
          for questions-outgoing; Fri, 25 Apr 1997 11:01:22 -0700 (PDT)
Received: from pulp.nildram.co.uk (root@pulp.nildram.co.uk [195.112.4.8])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA01221
          for ; Fri, 25 Apr 1997 11:01:16 -0700 (PDT)
Received: (from uucp@localhost)
          by pulp.nildram.co.uk (8.7.5/8.7.3) with UUCP id RAA06983
          for freebsd-questions@FreeBSD.ORG; Fri, 25 Apr 1997 17:24:26 GMT
Received: from i.vaudrey ([10.0.0.5])
          by mail.nemko.ltd.uk (8.8.5/8.8.5) with ESMTP id SAA01243
          for ; Fri, 25 Apr 1997 18:12:34 +0100 (BST)
Message-Id: <199704251712.SAA01243@mail.nemko.ltd.uk>
From: "Ian Vaudrey"
To: "freebsd-questions"
Subject: Re: Restricting Mail To External Hosts
Date: Fri, 25 Apr 1997 18:11:56 +0100
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1161
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I had no responses to this, so I had to do a bit more studying myself
(yes, that is what I should've done in the first place!). This is what
I've come up with, to be tacked on at the end of sendmail.cf. I've no
doubt it could be substantially improved, but it does work and I hope it
may be useful to others. Improvements welcome.

- Ian

#
# check_compat rules, based on example on page 512 of the bat book.
#
# Will prevent local users from sending mail outside the local domain
# unless their mail name is found in the file /etc/AllowExternal
#
# N.B. Tokenised mail names (e.g. mail.name@our.domain) will not work
# without modifications to these rules. This is left as an exercise
# for the reader!
#
F{AllowExternal} /etc/AllowExternal

SGet_domain
R$-			$: $1 @ localhost	lone username - local
R$*			$: $>3 $1		focus on host
R$* <@ $+. > $*		$1 <@ $2> $3		strip trailing dots
R$* <@ $+ > $*		$: $2			isolate the host
R$* . $+ . $+ . $+	$@ $2 . $3 . $4		my FQDN has 3 parts
#R$* . $+ . $+		$@ $2 . $3		uncomment if yours has 2

SGet_user
R$*			$: $>3 $1		focus on host
R$* <@ $+ > $*		$@ $1			discard host

Scheck_compat
R$* $| $*		$: $1 $| $>Get_domain $2	fetch recipient domain
R$* $| $=w		$@ ok			local, so okay
R$* $| $m		$@ ok			local, so okay
R$* $| $*		$: $>Get_user $1	fetch sender username
R$={AllowExternal}	$@ ok			Okay if found in list
R$*			$#error $@ 5.1.3 $: "Delivery not authorized, message refused"

STranslate
R$* $$| $*		$: $1 $| $2		required for address testing

----------
> From: Ian Vaudrey
> To: freebsd-questions
> Subject: Restricting Mail To External Hosts
> Date: 22 April 1997 17:36
>
> I'm setting up a FreeBSD box as a SMTP/POP3 mail hub for our network. I
> have less than 30 users, all of whom need to be able to mail others
> within our domain, but only some of whom should be able to send and
> receive mail externally. The box is set up with Sendmail 8.8.5 and
> QPopper 2.2, and all out of domain traffic goes to our ISP via UUCP -
> there is no other connection to the internet.
>
> Everything appears to work fine, except that I can't figure out how to
> restrict external access. Can anybody point me in the right direction
> regarding this?
>
> - Ian
>
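
Added example, not part of the post above and not sendmail code: a simplified Python model of the check_compat decision in the posted rules, for working out the expected verdict for a sender/recipient pair before testing the real configuration. The class and macro values, the user names and the example.* hosts are constructed, and the model assumes plain user@host addresses with single-token user names.

```python
# Simplified model of the posted Get_domain / Get_user / check_compat rules.
# All sample values are constructed stand-ins, not taken from the post.

CLASS_W = {"localhost", "mail.example.co.uk"}   # stands in for class $=w
MACRO_M = "example.co.uk"                       # stands in for macro $m
ALLOW_EXTERNAL = {"alice"}                      # stands in for /etc/AllowExternal


def get_domain(addr):
    """Model of SGet_domain: recipient address -> domain to compare."""
    if "@" not in addr:
        return "localhost"                      # lone username - local
    host = addr.rsplit("@", 1)[1].rstrip(".")   # isolate host, strip trailing dots
    labels = host.split(".")
    if len(labels) >= 4:
        # "R$* . $+ . $+ . $+": sendmail matches minimally, so $* takes only
        # the first label and "$2 . $3 . $4" is everything after it.
        return ".".join(labels[1:])
    return host                                 # rule does not match; unchanged


def get_user(addr):
    """Model of SGet_user: the host is discarded, only the user name is kept."""
    user = addr.split("@", 1)[0]
    if "." in user:
        # The post's N.B.: tokenised mail names need modified rules.
        raise ValueError("tokenised mail names are not modelled")
    return user


def check_compat(sender, recipient):
    """Return 'ok' or the 5.1.3 refusal, following Scheck_compat top to bottom."""
    domain = get_domain(recipient)
    if domain in CLASS_W or domain == MACRO_M:  # local, so okay
        return "ok"
    if get_user(sender) in ALLOW_EXTERNAL:      # okay if found in list
        return "ok"
    return '5.1.3 "Delivery not authorized, message refused"'


if __name__ == "__main__":
    for pair in [("bob", "carol"), ("bob@mail.example.co.uk", "x@other.example.net"),
                 ("alice@mail.example.co.uk", "x@other.example.net")]:
        print(pair, "->", check_compat(*pair))
```

Because Get_user discards the host, the list check compares the user name alone. A recipient host with five or more labels is only shortened by one label, so it is not reduced to the three-part domain.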