LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-08-2003, 10:58 AM   #16
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68

Just wanted to chime in since I was asked to look this over...

I've got no clue

Corin and the crew definitely seem to be doing a fine job, amazing actually (being sendmail..) and hopefully they'll get you through this.

Good Luck!

Cool
 
Old 08-08-2003, 02:07 PM   #17
Corin
Member
 
Registered: Jul 2003
Location: Jette, Brussels Hoofstedelijk Gewest
Distribution: Debian sid, RedHat 9, Suse 8.2
Posts: 446

Rep: Reputation: 31
Can you do a further test and instead of putting

To: DomainB OK

in the file, put

To: valid_user@DomainB OK

You could also check to see if its positions in the file either at the start or at the end has any relevance.

This would be a good test to answer your first question.
 
Old 08-12-2003, 11:43 AM   #18
gljoe
LQ Newbie
 
Registered: Jul 2003
Posts: 10

Original Poster
Rep: Reputation: 0
FINALLY!!!

Thanks to everyone for their help. I'm posting this in its entirety to allow other researching it to see everything:

I have a whitelist working now...very cool, but a real pain to figure out:


domainA being my sendmail server;
domainB being my exchange server;
My goal is to allow mail delivery between domainA/domainB ONLY.
EXCEPT for a single user (user1@domainA) to be able to send mail anywhere.

I eliminated inbound port 25 connections from all other MTA's with iptables firewalling:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s domainB --dport 25 --syn -j ACCEPT # all others are denied by default

Then, basically disregarding all the other stuff I'd heard about the access.db, as it is NOT suitable for whitelisting, I used an obscure post from a guy name Fedorenko:

http://groups.google.com/groups?hl=e....ua%26rnum%3D1

It took a bit to get it right, though, because his fix was meant for older version of sendmail. Here is what I did to make it work for me on V8.12.8-5 (RedHat 9 rpm)

From his post I made a simple orglist file with the following contents:

--------INSERT-------------------
mailer-daemon/* OK
*/domainB OK
*/domainA OK
user1@domainA/* OK
--------INSERT-------------------

Notice that the pairing is user-email-addr / recpt domain . You can't do sender-domain/recpt-domain. The default is deny so unless you put an entry in the orglist, mail delivery will not occur for a user or domain AT ALL.

To make the orglist into a db file do:

makemap hash orglist < orglist

Then I added this at the end of my sendmail.mc:

--------INSERT----------------------
LOCAL_CONFIG
Korglist hash /etc/mail/orglist

LOCAL_RULESETS
Scheck_compat
R< $* > $| $* $1 $| $2
R $* $| < $* > $1 $| $2
R$* $| $* @ $* $: $(orglist */$3 $: DENY $) : $1 / $2 @ $3
ROK : $* $@ <OK>
RDENY : $* $: $1

R$* / $* @ $* $: $(orglist $1/* $: DENY $) : $1 / $2 @ $3
ROK : $* $@ <OK>
RDENY : $* $: $1

R$* / $* @ $* $: $(orglist $1/$3 $: DENY $) : $1 / $2 @ $3
ROK : $* $@ <OK>
RDENY : $* $#error $@ 5.7.2 $: "556 YOU ARE NOT ALLOWED TO SEND MAIL TO THIS DOMAIN"
--------INSERT--------------------

To activate everything:

m4 sendmail.mc < sendmail.cf
service sendmail restart

And now it's working. Hope this helps you not waste as much time as I did
 
Old 08-12-2003, 08:56 PM   #19
Corin
Member
 
Registered: Jul 2003
Location: Jette, Brussels Hoofstedelijk Gewest
Distribution: Debian sid, RedHat 9, Suse 8.2
Posts: 446

Rep: Reputation: 31
Glad to see that you got your problem solved.

And you did have to add some raw sendmail rules after all, but at least somebody had written them already for you :+)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail and outgoing mail shafey Linux - Networking 1 11-16-2005 04:57 AM
sendmail getting e-mail through others spam filters grizzly Linux - Software 1 08-20-2005 05:18 PM
Sendmail - wrong mail sender domain display jika Linux - Newbie 1 05-27-2005 02:29 AM
How to separate Incoming Mail and Outgoing Mail on SENDMAIL LiloAma Linux - Networking 1 03-22-2004 02:24 AM
sendmail outgoing mail karunesh Linux - General 0 11-17-2003 02:19 PM


All times are GMT -5. The time now is 10:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration