are they alternative ways of scoping relaying?
if so, what are the pros and cons of each?
or, do both have to be modified?
http://www.sendmail.org/tips/relaying.html
yes, but that still doesn't answer my question. i read the faq and
it says:
FOR: /etc/mail/relay-domains
The simplest approach is to list the domains you are willing to relay
in the file /etc/mail/relay-domains. Anything listed in this file will
be accepted for relaying. N.B.: Sendmail must be restarted after this
file is modified.
FOR: /etc/mail/access
The access database (normally in /etc/mail/access) allows a mail
administrator to administratively allow access to the mail server by
individual domains. Each database entry consists of a domain name or
network number as the key and an action as the value.
but what the 'faq' doesn't say is which is to be used when, or do i
use both, or why one is better than the other, and so on; that's the
gist of my post.
Changes to relay-domains require a restart of the sendmail daemon.
Changing the access database only requires you to rebuild the map. If
you make these changes often, or use scripts that do so dynamically, the
access database is preferable, otherwise it is probably just a matter of
taste. Some people like access because it's multipurpose, so you can
target various features in one editing session.
It is also my understanding that the access map has more versatility by
enabling the use of not only domains for relaying but also specific email
addresses, etc. If you try to set up this functionality in relay-domains
using relay-local-from, then this can be bypassed by forging the sender
address.
ken k
> are they alternative ways of scoping relaying?
The access map can do more than just allowing to relay.
See cf/README for details.
> if so, what are the pros and cons of each?
access_db
+ finer control
- need makemap
relay-domains
+ very simple
- must restart sendmail after changes
- less control
> or, do both have to be modified?
No.
john bailo wrote:
> i'm confused as to the relationship between /etc/mail/access and
> /etc/mail/relay-domains
>
> are they alternative ways of scoping relaying?
yes, more or less (access map can do more).
> if so, what are the pros and cons of each?
>
> or, do both have to be modified?
access is a map. Maps can be changed and sendmail will use those
changes immediately. Indeed, you can put any map into DNS (via hesiod),
LDAP, a file (most common), etc. Map entries are looked up at the
time they are needed.
With db 3 and 4, you can have lots and lots and lots of entries with
minimal performance impact. Sleepycat DB is extraordinarily fast.
Heck, a 30MHz Ultrix box with 50,000 aliases with DB1.85 did lookups
instantaneously (even if the "newaliases" command took up to 10
minutes).
relay-domains gets fed into a sendmail "Class" via an F command (read
the file). This is read ONCE, on sendmail startup. Changes to these
files (relay-domains, local-host-names, etc) require a restart of the
sendmail daemon.
Relay domains was kind of there first. Access has been the common place
to control general access to the machine. It can have folks you allow
to relay, sites/users to block, machines to block, things to require TLS
for certain sites, etc.
The general sense is to use the access map and let the relay domains
file die off as an unnecessary duplicate of functionality.
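A small Python model of the lookup difference the replies above describe (access map consulted per connection and recipient, most specific key first; relay-domains read into a class once and matched against the recipient domain). This is an added illustration, not code from this thread or from sendmail itself: the map entries are constructed, only Connect:/From:/To: keys with host names and IPv4 addresses are modelled, the stage ordering is simplified, and From: RELAY is deliberately ignored because it needs an extra feature in a real sendmail.

```python
"""Toy model of sendmail's two relaying controls: the access map and the
relay-domains class. Lookup rules follow cf/README; data is constructed."""
import ipaddress

ACCESS_TEXT = """\
Connect:192.0.2              RELAY
Connect:192.0.2.99           REJECT
From:spammer.example         REJECT
To:partner.example           RELAY
"""
RELAY_DOMAINS_TEXT = "customer.example\n"   # constructed /etc/mail/relay-domains

def parse_access(text):
    """Mimic what makemap stores: lowercased key -> action."""
    db = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            key, action = line.split(None, 1)
            db[key.lower()] = action.strip().upper()
    return db

ACCESS_DB = parse_access(ACCESS_TEXT)

def candidate_keys(tag, item):
    """Keys tried most specific first: trailing octets dropped for IPv4
    addresses (192.0.2.99 -> 192.0.2 -> ...), leading labels for names."""
    parts = item.lower().split(".")
    try:
        ipaddress.IPv4Address(item)
        is_ip = True
    except ValueError:
        is_ip = False
    while parts:
        yield f"{tag}:{'.'.join(parts)}"
        parts.pop() if is_ip else parts.pop(0)

def access_action(db, tag, item):
    for key in candidate_keys(tag, item):
        if key in db:
            return db[key]
    return None

def relay_domains_allows(text, rcpt_domain):
    """Class membership: exact domain or any subdomain of a listed entry."""
    listed = {l.strip().lower() for l in text.splitlines() if l.strip()}
    d = rcpt_domain.lower()
    return any(d == x or d.endswith("." + x) for x in listed)

def may_relay(client_ip, sender_domain, rcpt_domain, db=ACCESS_DB):
    """Simplified: REJECT at any stage refuses; RELAY on client or recipient
    permits; otherwise fall back to the relay-domains class."""
    for tag, item in (("connect", client_ip), ("from", sender_domain), ("to", rcpt_domain)):
        action = access_action(db, tag, item)
        if action == "REJECT":
            return False
        if action == "RELAY" and tag != "from":
            return True
    return relay_domains_allows(RELAY_DOMAINS_TEXT, rcpt_domain)
```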
I would guess that there is something wrong with your test. Lookups in
Berkeley DB are indeed very fast, but the entire contents of a flat
class file like relay-domains are read into memory by sendmail, which
accesses those contents with a hashing scheme. It's *possible* that
Berkeley DB these days is so advanced that it beats that, due to a more
advanced hashing scheme in combination with the db file becoming fully
memory resident (100k entries isn't all that much) via the file system
cache, but I wouldn't think so.
--Per Hedeland
p...@hedeland.org
I found that using relay-domains allows all the spam filtering (like dnsbl)
on the server to be effective for the relayed domain. If you allow relaying
for the domain with the access_db, you bypass all the dnsbl stuff, etc.. I
thought this was a deliberate and useful difference.
Gary