Quick question, but first some background. We have a mail gateway running
sendmail 8.12.10 (IIRC). We have the access.db feature enabled. This
machine serves two purposes:
1. relay mail to an internal MS-Exchange server (eg, example1.com and
example2.com)
2. operate as an IMAP server for two other domains (eg, other1.com and
other2.com)
Here are the relevant lines from our sendmail.mc file:
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
We have written a couple of scripts to extract all the valid e-mail
addresses out of our Active Directory and create a new /etc/mail/access
file then generate the access.db file. The idea being we will bounce mail
addressed to unknown users both internally and externally.
However, the format of /etc/mail/access (pre-hashed) looks like this:
To:us...@example1.com RELAY
To:us...@example2.com RELAY
...
To:example1.com ERROR:"User unknown"
To:example2.com ERROR:"User unknown"
Do I need to add the locally delivered domains' addresses (eg,
"To:lo...@other1.com *???*" etc) to the access file or will sendmail
still look at /etc/passwd and /etc/mail/local-host-names to derive locally
delivered mail even if local addresses aren't in the access file? Is there
a better way to do this (virtusertable maybe)?
James
--
Hickory Dickory Dock,
The mice ran up the clock,
The clock struck one,
The others escaped with minor injuries.
That won't work - see the article I posted yesterday:
http://groups.google.com/groups?selm=c7u23h%241fbk%2...@hedeland.org
It's about a secondary MX, but there's no real difference from what
you're doing in this respect. To do the rest of the "long story":
You need to allow relaying to the *domains*, i.e. have entries like
To:example1.com RELAY
To:example2.com RELAY
- but you obviously can't have both those entries and the ones above.
>Do I need to add the locally delivered domains' addresses (eg,
>"To:lo...@other1.com *???*" etc) to the access file or will sendmail
>still look at /etc/passwd and /etc/mail/local-host-names to derive locally
>delivered mail even if local addresses aren't in the access file?
Why would you need to have them in the access table? You're using
FEATURE(blacklist_recipients), not FEATURE(whitelist_recipients). :-)
--Per Hedeland
p...@hedeland.org
> >To:us...@example1.com RELAY
> >To:us...@example2.com RELAY
> >To:example1.com ERROR:"User unknown"
> >To:example2.com ERROR:"User unknown"
> That won't work - see the article I posted yesterday:
It might work in 8.13 if this is added to the mc file:
define(`_RELAY_FULL_ADDR_', `1')
though I haven't tried it myself.
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Great! I was just thinking as I wrote the above for the umpteenth time
that there's no particular reason that considering the complete
recipient address for relay-allow couldn't be done. This seems to work
just fine (yes, I tested it), and will be a nice solution for the "allow
only valid recipients on secondary MX" problem - it even seems to be the
"natural" thing since it is frequently tried/suggested. Is it too late
to make it an "official" FEATURE for 8.13?
--Per Hedeland
p...@hedeland.org
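
Added example, not part of the thread and not any poster's script: a Python generator for the pre-hashed /etc/mail/access source in the format from the first post, which per the replies is only honoured for relaying when `_RELAY_FULL_ADDR_` is defined (8.13). The function name, the address patterns and the sample addresses are assumptions of this example; it rejects malformed directory values instead of writing them and refuses to produce a file when a relayed domain has no valid recipients.

```python
import re

# Conservative patterns (an assumption of this example): anything outside them
# is rejected rather than written, so whitespace or newlines in directory data
# cannot add or alter lines in the map source.
LOCAL_RE = re.compile(r"[A-Za-z0-9._%+=-]+")
DOMAIN_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def build_access(addresses, relay_domains, error_text="User unknown"):
    """Return (lines, rejected) for the access-map source file."""
    domains = {d.lower() for d in relay_domains}
    per_domain = {d: set() for d in domains}
    rejected = []
    for raw in addresses:
        local, sep, domain = raw.strip().rpartition("@")
        domain = domain.lower()
        if not sep or not LOCAL_RE.fullmatch(local) or not DOMAIN_RE.fullmatch(domain):
            rejected.append((raw, "malformed"))
        elif domain not in domains:
            rejected.append((raw, "domain not relayed"))
        else:
            per_domain[domain].add(local.lower())  # lower-case to de-duplicate

    # A failed or empty directory export would otherwise produce a file that
    # rejects every recipient in the domain; refuse to generate it.
    empty = sorted(d for d, users in per_domain.items() if not users)
    if empty:
        raise ValueError("no valid recipients for: " + ", ".join(empty))

    lines = []
    for d in sorted(domains):
        lines += [f"To:{u}@{d}\tRELAY" for u in sorted(per_domain[d])]
    # Domain-level fallback, as in the original post.
    lines += [f'To:{d}\tERROR:"{error_text}"' for d in sorted(domains)]
    return lines, rejected


if __name__ == "__main__":
    # Constructed sample input standing in for the directory export.
    sample = ["Alice@Example1.com", "bob@example2.com", "alice@example1.com",
              "carol@other1.com", "dave smith@example1.com",
              "eve@example1.com\nstray line"]
    out, bad = build_access(sample, ["example1.com", "example2.com"])
    print("\n".join(out))
    for raw, why in bad:
        print(f"# rejected {raw!r}: {why}")
```

Write the returned lines to a temporary file and replace /etc/mail/access only after generation succeeds, so an exception never leaves a truncated map source behind.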