
access.db - local mail considerations?


Centurion

May 13, 2004, 3:12:19 AM
Hi All,

Quick question, but first some background. We have a mail gateway running
sendmail 8.12.10 (IIRC). We have the access.db feature enabled. This
machine serves two purposes:
1. relay mail to an internal MS-Exchange server (eg, example1.com and
example2.com)
2. operate as an IMAP server for two other domains (eg, other1.com and
other2.com)

Here are the relevant lines from our sendmail.mc file:
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

We have written a couple of scripts to extract all the valid e-mail
addresses out of our Active Directory and create a new /etc/mail/access
file then generate the access.db file. The idea being we will bounce mail
addressed to unknown users both internally and externally.

However the format of /etc/mail/access (pre-hashed) looks like this:

To:us...@example1.com RELAY
To:us...@example2.com RELAY
...
To:example1.com ERROR:"User unknown"
To:example2.com ERROR:"User unknown"

Do I need to add the locally delivered domains' addresses (eg,
"To:lo...@other1.com *???*" etc) to the access file or will sendmail
still look at /etc/passwd and /etc/mail/local-host-names to derive locally
delivered mail even if local addresses aren't in the access file? Is there
a better way to do this (virtusertable maybe)?

James
--
Hickory Dickory Dock,
The mice ran up the clock,
The clock struck one,
The others escaped with minor injuries.

Per Hedeland

May 13, 2004, 5:11:39 PM
In article <knjbn1-...@gandalf.grayonline.id.au> Centurion <spam...@nowhere.com> writes:
>
>We have written a couple of scripts to extract all the valid e-mail
>addresses out of our Active Directory and create a new /etc/mail/access
>file then generate the access.db file. The idea being we will bounce mail
>addressed to unknown users both internally and externally.
>
>However the format of /etc/mail/access (pre-hashed) looks like this:
>
>To:us...@example1.com RELAY
>To:us...@example2.com RELAY
>...
>To:example1.com ERROR:"User unknown"
>To:example2.com ERROR:"User unknown"

That won't work - see the article I posted yesterday:

http://groups.google.com/groups?selm=c7u23h%241fbk%2...@hedeland.org

It's about a secondary MX, but there's no real difference from what
you're doing in this respect. To do the rest of the "long story":

You need to allow relaying to the *domains*, i.e. have entries like

To:example1.com RELAY
To:example2.com RELAY

- but you obviously can't have both those entries and the ones above.

>Do I need to add the locally delivered domains' addresses (eg,
>"To:lo...@other1.com *???*" etc) to the access file or will sendmail
>still look at /etc/passwd and /etc/mail/local-host-names to derive locally
>delivered mail even if local addresses aren't in the access file?

Why would you need to have them in the access table? You're using
FEATURE(blacklist_recipients), not FEATURE(whitelist_recipients). :-)

--Per Hedeland
p...@hedeland.org

Claus Aßmann

May 13, 2004, 6:14:49 PM
Per Hedeland wrote:
> Centurion writes:

> >To:example1.com ERROR:"User unknown"


> >To:example2.com ERROR:"User unknown"

> That won't work - see the article I posted yesterday:

It might work in 8.13 if this is added to the mc file:

define(`_RELAY_FULL_ADDR_', `1')

though I haven't tried it myself.

--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Per Hedeland

May 15, 2004, 2:39:28 PM
In article <c80s0p$ur$1...@zardoc.esmtp.org> Claus Aßmann <ca+sendmail(-no-copies-please)@mine.informatik.uni-kiel.de> writes:
>Per Hedeland wrote:
>> Centurion writes:
>
>> >To:us...@example1.com RELAY
>> >To:us...@example2.com RELAY
>
>> >To:example1.com ERROR:"User unknown"
>> >To:example2.com ERROR:"User unknown"
>
>> That won't work - see the article I posted yesterday:
>
>It might work in 8.13 if this is added to the mc file:
>
>define(`_RELAY_FULL_ADDR_', `1')

Great! I was just thinking as I wrote the above for the umpteenth time
that there's no particular reason that considering the complete
recipient address for relay-allow couldn't be done. This seems to work
just fine (yes, I tested it), and will be a nice solution for the "allow
only valid recipients on secondary MX" problem - it even seems to be the
"natural" thing since it is frequently tried/suggested. Is it too late
to make it an "official" FEATURE for 8.13?

--Per Hedeland
p...@hedeland.org
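
The access-file layout discussed in this thread (per-address `To:` RELAY entries followed by a per-domain `ERROR:"User unknown"` catch-all) can be generated as below. This is an added example, not code from any poster; `build_access` and the sample export are constructed for illustration. Per the replies above, this layout was only reported to work on 8.13 with `_RELAY_FULL_ADDR_` defined, not on 8.12.

```python
import re

# Conservative address shape: no whitespace, quotes or control characters, so a
# value from the directory export can never smuggle an extra key or a
# right-hand side (e.g. a RELAY entry) into the map source file.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Constructed sample export: two valid relayed addresses, one address in a
# domain that is delivered locally rather than relayed, one malformed value.
SAMPLE_EXPORT = [
    "Alice@Example1.com",
    "bob@example2.com",
    "carol@other1.com",
    "x@example1.com\nTo:example.net\tRELAY",
]


def build_access(addresses, relay_domains):
    """Return (lines, rejected) for the To: entries of /etc/mail/access."""
    domains = {d.lower() for d in relay_domains}
    valid, rejected = set(), []
    for raw in addresses:
        # sendmail folds map keys to lower case on lookup unless the map is
        # declared with -f, so the keys are written in lower case.
        addr = raw.strip().lower()
        m = ADDR_RE.fullmatch(addr)
        if m and m.group(1) in domains:
            valid.add(addr)
        else:
            rejected.append(raw)
    # Fail closed on a broken export: with the catch-all ERROR entry in place,
    # a domain with no address entries would reject every recipient.
    covered = {a.split("@", 1)[1] for a in valid}
    missing = sorted(domains - covered)
    if missing:
        raise ValueError("no valid addresses for: " + ", ".join(missing))
    lines = ["To:%s\tRELAY" % a for a in sorted(valid)]
    lines += ['To:%s\tERROR:"User unknown"' % d for d in sorted(domains)]
    return lines, rejected


if __name__ == "__main__":
    out, bad = build_access(SAMPLE_EXPORT, ["example1.com", "example2.com"])
    print("\n".join(out))
    print("rejected:", [repr(b) for b in bad])
```

Only the relayed domains go into the generated entries; as noted in the thread, the locally delivered domains need no access-table entries with FEATURE(blacklist_recipients).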
