I was trying a quick and dirty method for getting sendmail to match
entries in the virtusertable that look like this:
joe@ error:nouser No such user
my-list@ error:nouser No such user
j...@myvirtdomain.com joe
my-list@myvirtdomain my-list
The point being to block aliases on the system from being used across
all domain names a sendmail box mx's for.
Patch is on bottom of message and available at
http://jmaimon.com/sendmail/patches/localpart_virtuser.proto.m4.patch
I would appreciate any comments up to and including 'it's stupid, here's
why'.
Thanks
Joe M.
To do this I ran this patch on the m4/proto.m4
You will then need to add this line to sendmail.mc
define(`_MY_DIRTY_VIRTUSER_LOCALPART_HACK_')dnl
--- /usr/lib/sendmail-cf/m4/proto.m4.orig Wed Nov 20 15:11:17
2002
+++ /usr/lib/sendmail-cf/m4/proto.m4 Wed Nov 20 15:35:51 2002
@@ -1048,6 +1048,13 @@
`R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $)
> $1 < @ $2 . >')
dnl input: <result-of-lookup | @> local<@domain> | <!> local<@domain>
R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @
$2 . >
+ifdef(`_MY_DIRTY_VIRTUSER_LOCALPART_HACK_',`dnl
+dnl Try matches withonly local part
+ifdef(`_VIRTUSER_ENTIRE_DOMAIN_',
+`R<@> $+ < @ $* $={VirtHost} . > $: < $(virtuser $1 @ $2 $3 $@
$1 $: @ $) > $1 < @ $2 $3 . >',
+`R<@> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $@ $1 $: @ $) >
$1 < @ $2 . >')
+R<@> $+ < @ $=w . > $: < $(virtuser $1 @ $@ $1 $: @ $) > $1 < @ $2
. >')
+
dnl if <@> local<@domain>: no match but try lookup
dnl user+detail: try user++@domain if detail not empty
R<@> $+ + $+ < @ $* . >
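Review bot: In the `_VIRTUSER_ENTIRE_DOMAIN_` branch of the added block the lookup key is still `$1 @ $2 $3`, which is the full address again rather than the local part alone, so with that option defined a `joe@` entry is never consulted for VirtHost domains; the other two added rules use `$1 @`, and this one should too. The new rules also key on the entire local part and sit ahead of the `user+detail` handling shown in the trailing context, so a `joe@ error:nouser` entry would not be looked up for `joe+anything`; it is worth confirming that the plus-detail rules get the same local-part-only fallback, otherwise the block is easy to sidestep. Smaller points: the added comment reads "withonly", and the `_MY_DIRTY_VIRTUSER_LOCALPART_HACK_` switch is not documented anywhere in the patch.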
What's wrong with using a error:nouser No such user "catch all" for each
domain, and just not alias "joe" for any domain you don't want there to
be a joe account for?
--
John Oliver, CCNA http://www.john-oliver.net/
Linux/UNIX/network consulting http://www.john-oliver.net/resume/
*** sendmail, Apache, ftp, DNS, spam filtering ***
**** Colocation, T1s, web/email/ftp hosting ****
Nothing. It's a very useful feature.
You could explicitly declare for every domain name that any unmatched
local-part for this domain is rejected. Sendmail already supports
this.
This allows you to explicitly declare that any local-part with an
unmatched domain is rejected. Or is mapped to x, which puts it in the
same breath-catching applicability to all domains on your server much
like aliases.
This really helps when you inherit a mishmash which was not ideally
mapped like you pointed out and now must stay pretty much intact
because it's a 'feature' for many of your user population with their
multiple domains.
I actually was under the impression that the virtusertable already
supported that and I could even use something like this:
noc@ error:nouser There is no user < noc@%4 >
Which would look even nicer in the NDR.
I might try next something like a default entry for virtusertable and
access map.
That would have come in handy when I decommissioned an old server had I
been able to specify in access:
default REJECT We now have a new mail server
and in virt
@ error:nouser No users are hosted here any more.
Thanks for the feedback.
Joe M