
sendmail IDENT question


Jon R. Kibler

Mar 11, 2003, 5:57:31 PM
Greetings:

I have a couple of questions regarding IDENT in sendmail (8.12.x).

1) In sendmail's log records...
a) What is the difference between:
relay=abc@[w.x.y.z]
and
relay=IDENT:abc@[w.x.y.z]

b) If the first entry did not originate from IDENT, where did it come from?
c) If it did originate from IDENT, why isn't it prefixed with IDENT?

2) If I wanted to block on IDENTs of some common proxy servers (such as "squid" and "cacheflowserver"), what would I need as LHS entries for the access database? I have tried:
Connect:squid@
Connect:ident:squid@
squid@
ident:squid@
and none of the above seem to work against instances where the log shows either:
relay=squid@
or
relay=ident:squid@

3) I have been seeing some strange IDENTs in the log recently, such as:
relay=IDENT:/2IG+sei5xqgdUgiOFUVyuRTNS395F1i@[210.90.125.187]
relay=IDENT:btUyCM/DM+B2q12oAHypf/L/9QsXS3dJ@[80.48.248.33]
relay=IDENT:j/cFmESRvwDzgj+GdacbOVOkhLMLMZnJ@[64.253.199.169]
relay=IDENT:/2ig+210.90.125.187

Any idea why the garbage IDENTs?


Thanks in advance for any/all help!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC USA

Neil W Rickert

Mar 11, 2003, 7:15:18 PM
"Jon R. Kibler" <Jon.Kib...@ng.aset.com> writes:

>I have a couple of questions regarding IDENT in sendmail (8.12.x).

>1) In sendmail's log records...
> a) What is the difference between:
> relay=abc@[w.x.y.z]
>and
> relay=IDENT:abc@[w.x.y.z]

I presume that it depends on the string returned by the identd daemon
on w.x.y.z.

>2) If I wanted to block on IDENTs of some common proxy servers (such as "squid" and "cacheflowserver"), what would I need as LHS entries for the access database? I have tried:

Can't be done. You would need to add your own rules, maybe in a
"Local_check_relay" ruleset. You could have your rules check $&_
There is no guarantee that the string returned by ident will pass
scrutiny by the address prescanner, so you might want to use a regex
map to check this.

>3) I have been seeing some strange IDENTs in the log recently, such as:
> relay=IDENT:/2IG+sei5xqgdUgiOFUVyuRTNS395F1i@[210.90.125.187]
> relay=IDENT:btUyCM/DM+B2q12oAHypf/L/9QsXS3dJ@[80.48.248.33]
> relay=IDENT:j/cFmESRvwDzgj+GdacbOVOkhLMLMZnJ@[64.253.199.169]
> relay=IDENT:/2ig+210.90.125.187

>Any idea why the garbage IDENTs?

Some of the identd daemons can be configured to generate an encoded
token. The token and real user are saved in a local database on the
system where identd runs. This avoids information leaks (web servers
cannot grab the login ids of people who browse).
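
Added example, not part of the thread and not sendmail code: a Python triage script for the `relay=` log field discussed above. It labels proxy-account idents (the two names from the question), opaque tokens shaped like the ones quoted, and plain idents. The sample log lines, the token in them and the 32-character token heuristic are constructed assumptions.

```python
import re

# Assumptions: proxy account names are the two from the question; the opaque
# token shape (32 base64-alphabet characters) is a heuristic from the quoted idents.
PROXY_IDENTS = {"squid", "cacheflowserver"}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{32}")
RELAY_RE = re.compile(r"relay=(.*?)(?:, \w+=|$)")

def parse_relay(value):
    """Split a relay= value into (has_ident_prefix, ident, host)."""
    has_prefix = value[:6].upper() == "IDENT:"
    rest = value[6:] if has_prefix else value
    ident, sep, host = rest.rpartition("@")
    if not sep:                      # no '@': nothing usable as an ident
        return has_prefix, None, rest
    return has_prefix, ident, host

def classify(value):
    """Label one relay= value for triage."""
    has_prefix, ident, _host = parse_relay(value)
    if ident is None:
        return "malformed-ident" if has_prefix else "no-ident"
    if ident.lower() in PROXY_IDENTS:
        return "proxy-account"
    if TOKEN_RE.fullmatch(ident):
        return "opaque-token"
    return "plain-ident"

def triage(lines):
    """Return (relay value, label) for every log line carrying relay=."""
    out = []
    for line in lines:
        m = RELAY_RE.search(line)
        if m:
            out.append((m.group(1), classify(m.group(1))))
    return out

# Constructed sample lines (documentation addresses, made-up queue ids and token).
SAMPLE_LOG = [
    "sendmail[101]: h2B0001: from=<a@example.org>, size=900, relay=IDENT:squid@[192.0.2.10]",
    "sendmail[102]: h2B0002: from=<b@example.org>, size=120, relay=cacheflowserver@[192.0.2.11]",
    "sendmail[103]: h2B0003: from=<c@example.org>, size=300, relay=IDENT:Qk3x/9aZp+L0vT7mN2cHs8YdWbE4uJ1f@[198.51.100.7]",
    "sendmail[104]: h2B0004: from=<d@example.org>, size=450, relay=abc@[192.0.2.12]",
    "sendmail[105]: h2B0005: to=<e@example.org>, relay=mx.example.net. [203.0.113.9], dsn=2.0.0, stat=Sent",
]

if __name__ == "__main__":
    for relay, label in triage(SAMPLE_LOG):
        print(f"{label:16} {relay}")
```

The labels only describe the string in the log; an ident reply is whatever the remote host chooses to send, so it is a triage hint rather than proof of what is running there.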

Claus Aßmann

Mar 11, 2003, 9:53:51 PM
Jon R. Kibler wrote:

> 1) In sendmail's log records...
> a) What is the difference between:
> relay=abc@[w.x.y.z]
> and
> relay=IDENT:abc@[w.x.y.z]

UTSL.

getauthinfo() in sendmail/daemon.c, search for "IDENT:" and then
see RFC 1413.
