Date:      Fri, 25 Apr 1997 18:11:56 +0100
From:      "Ian Vaudrey" <ivaudrey@test.nemko.ltd.uk>
To:        "freebsd-questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Restricting Mail To External Hosts
Message-ID:  <199704251712.SAA01243@mail.nemko.ltd.uk>

I had no responses to this, so I had to do a bit more studying myself
(yes, that is what I should've done in the first place!). This is what
I've come up with, to be tacked on at the end of sendmail.cf. I've no
doubt it could be substantially improved, but it does work and I hope
it may be useful to others.

Improvements welcome.

- Ian

#
# check_compat rules, based on example on page 512 of the bat book.
#
# Will prevent local users from sending mail outside the local domain
# unless their mail name is found in the file /etc/AllowExternal
#
# N.B. Tokenised mail names (e.g. mail.name@our.domain) will not work
# without modifications to these rules. This is left as an exercise
# for the reader!
#

F{AllowExternal} /etc/AllowExternal

SGet_domain
R$-			$: $1 @ localhost		lone username - local
R$*			$: $>3 $1			focus on host
R$* <@ $+. > $*	$1 <@ $2> $3			strip trailing dots
R$* <@ $+ > $*		$: $2				isolate the host
R$* . $+ . $+ . $+	$@ $2 . $3 . $4			my FQDN has 3 parts
#R$* . $+ . $+		$@ $2 . $3			uncomment if yours has 2

SGet_user
R$*			$: $>3 $1			focus on host
R$* <@ $+ > $*		$@ $1				discard host

Scheck_compat
R$* $| $*		$: $1 $| $>Get_domain $2	fetch recipient domain
R$* $| $=w		$@ ok				local, so okay
R$* $| $m		$@ ok				local, so okay
R$* $| $*		$: $>Get_user $1		fetch sender username
R$={AllowExternal}	$@ ok				Okay if found in list
R$*			$#error $@ 5.1.3 $: "Delivery not authorized, message refused"

STranslate
R$* $$| $*		$: $1 $| $2			required for address testing

----------
> From: Ian Vaudrey
> To: freebsd-questions
> Subject: Restricting Mail To External Hosts
> Date: 22 April 1997 17:36
> 
> I'm setting up a FreeBSD box as a SMTP/POP3 mail hub for our network. I
> have less than 30 users, all of whom need to be able to mail others
> within our domain, but only some of whom should be able to send and
> receive mail externally. The box is set up with Sendmail 8.8.5 and
> QPopper 2.2, and all out of domain traffic goes to our ISP via UUCP -
> there is no other connection to the internet.
> 
> Everything appears to work fine, except that I can't figure out how to
> restrict external access. Can anybody point me in the right direction
> regarding this?
> 
> - Ian
> 
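
An added example, not part of Ian's message: a simplified Python model of the decision the posted check_compat rules make, for checking an allow-list against sample sender/recipient pairs before installing the rules. The domain, class w members and allow-list entries are constructed; ruleset 3 canonicalisation is not modelled, addresses are assumed to be "user" or "user@host", and the label handling follows sendmail's minimal matching of $* and $+.

```python
# Simplified model of the posted Get_domain / Get_user / check_compat rulesets.
# All names and values below are constructed stand-ins, not taken from the post.
LOCAL_DOMAIN = "corp.example.org"       # stands in for $m (three labels)
CLASS_W = {"localhost"}                 # stands in for $=w
ALLOW_EXTERNAL = {"ian", "alice"}       # stands in for /etc/AllowExternal
REFUSED = "5.1.3 Delivery not authorized, message refused"


def split_addr(addr):
    """Split 'user@host' into (user, host); host is '' for a lone username."""
    addr = addr.strip().strip("<>")
    user, sep, host = addr.rpartition("@")
    return (user, host) if sep else (addr, "")


def get_domain(rcpt):
    """Model of Get_domain: the string later compared with $=w and $m."""
    _, host = split_addr(rcpt)
    if not host:
        host = "localhost"              # "lone username - local"
    host = host.rstrip(".").lower()     # "strip trailing dots"
    labels = host.split(".")
    # "$* . $+ . $+ . $+" needs at least three dots. $* and $+ match as few
    # tokens as possible, so the rule drops only the FIRST label: a four-label
    # host becomes its last three labels, a five-label host keeps four.
    if len(labels) >= 4:
        host = ".".join(labels[1:])
    return host


def get_user(sender):
    """Model of Get_user: the sender with any host part discarded."""
    return split_addr(sender)[0].lower()


def check_compat(sender, rcpt):
    """Return 'ok' or the refusal text, following the order of the rules."""
    domain = get_domain(rcpt)
    if domain in CLASS_W or domain == LOCAL_DOMAIN:
        return "ok"                     # local recipient, so okay
    if get_user(sender) in ALLOW_EXTERNAL:
        return "ok"                     # sender is in the allow-list
    return REFUSED


if __name__ == "__main__":
    for s, r in [("bob@corp.example.org", "carol"),
                 ("bob@corp.example.org", "x@example.net"),
                 ("ian@corp.example.org", "x@example.net"),
                 ("bob@corp.example.org", "x@a.mail.corp.example.org")]:
        print(f"{s} -> {r}: {check_compat(s, r)}")
```

The last sample pair shows a consequence of the three-part assumption: a recipient host two levels below the local domain is not reduced to the local domain, so a sender outside the allow-list is refused for it.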



