I have a couple of questions regarding IDENT in sendmail (8.12.x).
1) In sendmail's log records...
a) What is the difference between:
relay=abc@[w.x.y.z]
and
relay=IDENT:abc@[w.x.y.z]
b) If the first entry did not originate from IDENT, where did it come from?
c) If it did originate from IDENT, why isn't it prefixed with IDENT?
2) If I wanted to block on IDENTs of some common proxy servers (such as "squid" and "cacheflowserver"), what would I need as LHS entries for the access database? I have tried:
Connect:squid@
Connect:ident:squid@
squid@
ident:squid@
and none of the above seem to work against instances where the log shows either:
relay=squid@
or
relay=ident:squid@
3) I have been seeing some strange IDENTs in the log recently, such as:
relay=IDENT:/2IG+sei5xqgdUgiOFUVyuRTNS395F1i@[210.90.125.187]
relay=IDENT:btUyCM/DM+B2q12oAHypf/L/9QsXS3dJ@[80.48.248.33]
relay=IDENT:j/cFmESRvwDzgj+GdacbOVOkhLMLMZnJ@[64.253.199.169]
relay=IDENT:/2ig+210.90.125.187
Any idea why the garbage IDENTs?
Thanks in advance for any/all help!
Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC USA
>I have a couple of questions regarding IDENT in sendmail (8.12.x).
>1) In sendmail's log records...
> a) What is the difference between:
> relay=abc@[w.x.y.z]
>and
> relay=IDENT:abc@[w.x.y.z]
I presume that it depends on the string returned by the identd daemon
on w.x.y.z.
>2) If I wanted to block on IDENTs of some common proxy servers (such as "squid" and "cacheflowserver"), what would I need as LHS entries for the access database? I have tried:
Can't be done. You would need to add your own rules, maybe in a
"Local_check_relay" ruleset. You could have your rules check $&_
There is no guarantee that the string returned by ident will pass
scrutiny by the address prescanner, so you might want to use a regex
map to check this.
>3) I have been seeing some strange IDENTs in the log recently, such as:
> relay=IDENT:/2IG+sei5xqgdUgiOFUVyuRTNS395F1i@[210.90.125.187]
> relay=IDENT:btUyCM/DM+B2q12oAHypf/L/9QsXS3dJ@[80.48.248.33]
> relay=IDENT:j/cFmESRvwDzgj+GdacbOVOkhLMLMZnJ@[64.253.199.169]
> relay=IDENT:/2ig+210.90.125.187
>Any idea why the garbage IDENTs?
Some of the identd daemons can be configured to generate an encoded
token. The token and real user are saved in a local database on the
system where identd runs. This avoids information leaks (web servers
cannot grab the login ids of people who browse).
> 1) In sendmail's log records...
> a) What is the difference between:
> relay=abc@[w.x.y.z]
> and
> relay=IDENT:abc@[w.x.y.z]
UTSL.
getauthinfo() in sendmail/daemon.c, search for "IDENT:" and then
see RFC 1413.
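An added example, not part of any post in this thread and not sendmail's own code: a small Python parser that splits the relay= values discussed above into the optional IDENT: prefix, the ident string and the host, and labels the proxy idents and opaque identd tokens the thread mentions. The sample log lines are constructed, and treating a run of 24 or more base64 characters as an encoded token is an assumed heuristic.

```python
import re

# Ident strings the thread names as common proxy servers.
PROXY_IDENTS = {"squid", "cacheflowserver"}

RELAY_FIELD = re.compile(r"\brelay=(\S[^,\n]*)")
# [IDENT:][ident@]host: the prefix and the ident part are both optional.
RELAY_PARTS = re.compile(
    r"^(?P<prefix>IDENT:)?(?:(?P<ident>[^@\s]+)@)?(?P<host>.+)$", re.IGNORECASE)
# Heuristic (assumption): a long run of base64 characters is an encoded token.
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def parse_relay(value):
    """Split a relay= value into (has_ident_prefix, ident, host)."""
    m = RELAY_PARTS.match(value.strip())
    return bool(m.group("prefix")), m.group("ident"), m.group("host")


def classify(ident):
    """Label the ident part: no-ident, proxy, opaque-token or user."""
    if ident is None:
        return "no-ident"
    if ident.lower() in PROXY_IDENTS:
        return "proxy"
    if OPAQUE_TOKEN.fullmatch(ident):
        return "opaque-token"
    return "user"


def scan(log_text):
    """Return (has_prefix, ident, host, label) for every relay= field found."""
    rows = []
    for value in RELAY_FIELD.findall(log_text):
        prefixed, ident, host = parse_relay(value)
        rows.append((prefixed, ident, host, classify(ident)))
    return rows


# Constructed sample lines (not from a real log); addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx sendmail[101]: i0AA0001: from=<a@example.com>, nrcpts=1, relay=abc@[192.0.2.10]
Jan 10 10:00:02 mx sendmail[102]: i0AA0002: from=<b@example.com>, nrcpts=1, relay=IDENT:abc@[192.0.2.10]
Jan 10 10:00:03 mx sendmail[103]: i0AA0003: from=<c@example.com>, nrcpts=1, relay=ident:squid@proxy.example.net [192.0.2.20]
Jan 10 10:00:04 mx sendmail[104]: i0AA0004: from=<d@example.com>, nrcpts=1, relay=IDENT:aB3dE/gH1jK+mN5pQrS7uVwX9zYb2CdE@[192.0.2.30]
Jan 10 10:00:05 mx sendmail[105]: i0AA0005: from=<e@example.com>, nrcpts=1, relay=mail.example.org [192.0.2.40]
"""

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(row)
```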