Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

access vs relay-domains

1,194 views
Skip to first unread message

V

unread,
Jun 28, 2003, 5:43:31 AM6/28/03
to
I have been using sendmail now for three years, and by looking at
sendmail.cf I discovered, quite amazingly, for the first time the existance
of a file /etc/mail/relay-domains, that is does actually not exist on my
system. So I have been looking around for an explanation of this. The
results of this search caused some confusion and leads to my following
question:

Is there a difference between the following two:

* a line in /etc/mail/relay-domains:
mydomain.org

* and a line in /etc/mail/access(->.db):
mydomain.org RELAY

I have been using the second form quite extensively without problems, but
now I wonder whether it wouldn't be better to specify these domains in
relay-domains?

Many thanks,

--
V


Per Hedeland

unread,
Jun 28, 2003, 8:35:56 AM6/28/03
to
In article <7rdLa.3648$P26....@afrodite.telenet-ops.be> "V"

<v...@pandora.be> writes:
>Is there a difference between the following two:
>
>* a line in /etc/mail/relay-domains:
>mydomain.org
>
>* and a line in /etc/mail/access(->.db):
>mydomain.org RELAY

No.

>I have been using the second form quite extensively without problems, but
>now I wonder whether it wouldn't be better to specify these domains in
>relay-domains?

Well, the only thing that is "better" with relay-domains is that it's
perhaps simpler to use - you don't need to makemap it, you don't need to
know about the possible "values" (RHS) that you can put in access db etc
- on the other hand you need to HUP sendmail for changes to
relay-domains to take effect.

If you're already comfortable with using access db, I see no reason to
switch to relay-domains - and of course there is a huge amount of
functionality that can be implemented in access db but not in
relay-domains - see cf/README.

Just as the most trivial example, if you want to allow relaying *to*
mydomain.org without allowing relaying *for* all hosts in mydomain.org,
you're out of luck with relay-domains - with access db you just prepend
a 'To:' in the LHS.

--Per Hedeland
p...@hedeland.org

Dude

unread,
Jun 30, 2003, 6:05:06 PM6/30/03
to
Either will work. If you are interested in more "fine-grained" relaying
control, access will give it to you (through the use, for example, of
the To: prefix on the LHS.)

The relay-domains will accept relays *to* the domains listed (the same
as the access does. However, it will *also* allow relaying of e-mail
sent *from* the listed domains. (Depending on the domain, this could be
considered a security exposure.)

The contents of relay-domains ends up in class R ($=R). If you write
local rules (using a LOCAL_* section in your mc file), it can sometimes
be handy to refer to the set of relay-domains in a rule by $=R (the same
way as some local configurations refer to local-hosts as $=w).

If you are using a "stock" cf file generated from an mc file with no
LOCAL_* modifications, the access.db is probably more secure.

Dude


0 new messages