how restrict recipients addresses on backup mailserver
Franta Hanzlik
recipients in a given domain, and reject all others. List of valid recipients
I can have e.g. in text file as
user1
user2
...
userN
alias1
...
aliasM
Eventually, when server acts as backup for multiple domains, this list
items can be in form userX@domain1 .. aliasY@domainNN
Has this request any simple solution? I do not want take all mails for
these domains ( *@domain ), as main (highest MX priority) mailserver
refuse these with nonexistent users.
Thanks in advance
Fr. Hanzlik
D. Stussy
news:hhp00e$r7p$1...@ns.felk.cvut.cz...
> On backup server (with sendmail 8.14.3) I want accept mails only for
valid
> recipients in a given domain, and reject all others. List of valid
recipients
> I can have e.g. in text file as
LDAP.
Andrzej Adam Filip
1) You can list valid addresses in the domain in virtusertable and
reject via virtusertable remaining addresses in the domain.
Search group archive for _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
[ e.g.vian google-groups ]
2) access table can be used in a similar way
3) You can use LDAP based routing to get benefits of LDAP replication
and ability to support easily multiple secondary MXes (or multiple
email gateways):
http://www.sendmail.org/m4/ldap_routing.html
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
The avocation of assessing the failures of better men can be turned
into a comfortable livelihood, providing you back it up with a Ph.D.
-- Nelson Algren, "Writers at Work"
Franta Hanzlik
Hello Andrzej,
thank for Your reccomendations. Finally I solve this using virtusertable
- I'm not maintainer of these primary (highest priority) mailservers,
their administrators not uses LDAP, total number of users, for which I'm
doing backup MX, is less than 300 with very sporadic mailaddress changes.
And regarding use of access table - I somewhere read, that using this
method is limited, as then some other functions are not working (RBL's,
milters, maybe yet anothers). Not sure when it aplies for some older
sendmail versions or at all.
And with regard to "_VIRTUSER_STOP_ONE_LEVEL_RECURSION_" sendmail.mc
feature - I tried some googling, but I not found no accurate description
for this. And in my case things seems working well in both, whether I have
define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')
in my sendmail.mc, or no.
Can You please clarify (or send some reference to) use this option?
Thanks, Franta
Andrzej Adam Filip
> - I'm not maintainer of these primary (highest priority) mailservers,
> their administrators not uses LDAP, total number of users, for which I'm
> doing backup MX, is less than 300 with very sporadic mailaddress changes.
>
> And regarding use of access table - I somewhere read, that using this
> method is limited, as then some other functions are not working (RBL's,
> milters, maybe yet anothers). Not sure when it aplies for some older
> sendmail versions or at all.
>
> And with regard to "_VIRTUSER_STOP_ONE_LEVEL_RECURSION_" sendmail.mc
> feature - I tried some googling, but I not found no accurate description
> for this. And in my case things seems working well in both, whether I have
> define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')
> in my sendmail.mc, or no.
> Can You please clarify (or send some reference to) use this option?
a) I have used _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ mainly as good keyword
for searching the newsgroups archives
[e.g. via http://groups.google.com/advanced_search ] - "your problem"
has been discussed "a few times+".
b) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ is "documented" in cf/m4/proto.m4
file in sendmail distribution
ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
dnl this is not a documented option
dnl it stops looping in virtusertable mapping if input and output
dnl are identical, i.e., if address A is mapped to A.
dnl it does not deal with multi-level recursion
c) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ provides more preferred of two
ways to make virtusertable pass listed addresses without rewrites but
reject "all other/remaining" addresses in the domain.
Otherwise tricks like rewriting "us...@example.net -> us...@mail.example.net"
are required.
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
Die, v.: To stop sinning suddenly.
-- Elbert Hubbard
Per Hedeland
<fra...@hanzlici.cz> writes:
>Andrzej Adam Filip wrote:
>>
>> 1) You can list valid addresses in the domain in virtusertable and
>> reject via virtusertable remaining addresses in the domain.
>> Search group archive for _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>> [ e.g.vian google-groups ]
>> 2) access table can be used in a similar way
>> 3) You can use LDAP based routing to get benefits of LDAP replication
>> and ability to support easily multiple secondary MXes (or multiple
>> email gateways):
>> http://www.sendmail.org/m4/ldap_routing.html
>>
>
>Hello Andrzej,
>
>thank for Your reccomendations. Finally I solve this using virtusertable
> - I'm not maintainer of these primary (highest priority) mailservers,
>their administrators not uses LDAP, total number of users, for which I'm
>doing backup MX, is less than 300 with very sporadic mailaddress changes.
>
>And regarding use of access table - I somewhere read, that using this
>method is limited, as then some other functions are not working (RBL's,
>milters, maybe yet anothers). Not sure when it aplies for some older
>sendmail versions or at all.
The access db can be used for a gazillion different things, it's
possible/likely that some of them conflict with other sendmail features,
but the functionality that (I assume) Andrzej refers to in 2) does not
AFAIK, and is the optimal solution for this IMHO.
As a backup MX you should be using access db in any case, with an entry
like 'To:backed.up.domain RELAY' - what you can do (as of 8.14.0 - in
earlier versions access db would certainly be "limited" for this
purpose) is to *instead* have an entry for each valid user. This
requires that you use the parameter `relaytofulladdress' in the FEATURE
macro, see cf/README.
--Per Hedeland
p...@hedeland.org
Franta Hanzlik
Hello Andrzej,
thanks for Your help. There must have been some failure on Google site
when You sent previous mail (Jan 5), when I was searched for this term.
I must say, I sought only on Google general site
"http://www.google.com/advanced_search".
And got only one result, on some russian URL. And when I'm doing same
search right now, then same search returns 74 results, and searching
on Google groups gives 59 results. I had bad day...
And regarding b) point, I did recursive grep over /usr/share/sendmail-cf/
and got what You pointed, but as I'm sendmail guru as You, it was ambiguous
for me. Docs at www.sendmail.org not help much, my
/usr/share/sendmail-cf/README refers to
http://www.sendmail.org/virtual-hosting.html
which does not exist, and Sendmail FAQ at
http://www.sendmail.org/faq/section3#3.7 refers "Virtual Hosting" at
http://www.sendmail.org/sendmailorg/frontend_dev.php/tips/virtual-hosting
which not exist too.
"virtusertable" paragraph in cf/README say nothing about this table recursive
processing.
Moreover, I had one other specialty - my internet connection is NATed
(one-to-one) on my ISP side. Then until I not turned off "relay_based_on_MX"
feature, I still had "rewrite: excessive recursion (max 50), ruleset canonify"
errors, although I had _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ in action.
That�s why I doubted about right meaning of this definition.
Finally I disable "relay_based_on_MX" feature. which help (making DNS records
for NATed addresses is probably cleaner solution).
iac, many thanks.
Franta Hanzlik
Andrzej Adam Filip
What has made you think Google can not have "a bad day"?
> And regarding b) point, I did recursive grep over /usr/share/sendmail-cf/
> and got what You pointed, but as I'm sendmail guru as You, it was ambiguous
> for me. Docs at www.sendmail.org not help much, my
> /usr/share/sendmail-cf/README refers to
> http://www.sendmail.org/virtual-hosting.html
> which does not exist,
It seems that sendmail.org has switched to php without redirecting old
html links.
Try https://www.sendmail.org/tips/virtual-hosting.php
> and Sendmail FAQ at
> http://www.sendmail.org/faq/section3#3.7 refers "Virtual Hosting" at
> http://www.sendmail.org/sendmailorg/frontend_dev.php/tips/virtual-hosting
> which not exist too.
Feel free to report "bug" in the FAQ. Email (with current year) is
provided at: http://www.sendmail.org/contact
> "virtusertable" paragraph in cf/README say nothing about this table recursive
> processing.
> Moreover, I had one other specialty - my internet connection is NATed
> (one-to-one) on my ISP side. Then until I not turned off "relay_based_on_MX"
> feature, I still had "rewrite: excessive recursion (max 50), ruleset canonify"
> errors, although I had _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ in action.
> That´s why I doubted about right meaning of this definition.
> Finally I disable "relay_based_on_MX" feature. which help (making DNS records
> for NATed addresses is probably cleaner solution).
I suggest using "per relayed domain" entries in access table instead of
relay_based_on_MX too. e.g.
to:example.com RELAY
http://www.sendmail.org/m4/features.html#relay_based_on_MX
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : Andrze...@gmail.com
"Love is a snowmobile racing across the tundra and then suddenly it flips
over, pinning you underneath. At night, the ice weasels come."
-- Matt Groening