First post for me here, please forgive any shortcomings

My environment:
P3 500 128mb
RH9 kernel 2.4.20-6
Sendmail 8.12.8-5
Squirrelmail 1.2.11-1

I am trying to configure sendmail to filter mail in AND out.
I have this sendmail server servicing mail for DomainA. I have another mail server (DomainB).

I want:
Any mail traffic between A and B allowed
Any mail destined from A to anywhere other than B denied
EXCEPT for a single user (notify@domainA) to be allowed to send anywhere.

I have already restricted inbound port 25 connections from hitting the mail server with iptables, which works well.

I have read all the chapters in O'Reilly's most recent sendmail book about rulesets (very confusing language) and filters with access.db and the only thing that seems to come close is the "FEATURE (`check_compat'). As far as I can tell, though it only regulates user/user or domain/domain, but not user/domain.

All helpful suggestions are appreciated!

/etc/mail/access is the key to all your sendmail issues

check the foll file for extensive help
/usr/share/sendmail{version}/README
anyway ur problem is not very diff to solve
infact u can control user/domain pair also using /etc/mail/access
but dont forget to run foll command after modifying access file-
makemap hash /etc/mail/access < /etc/mail/access

I appreciate the pointers. I have perused the README, and many sites on the internet and have not found any specific help doing what I want to do.

I'd like to get some sample syntax and a detailed a, b, c, etc. I'm sure it must be very simple, I just can't find any examples of exactly what I'm trying to do anywhere.

Thanks in advance....

The site you must bookmark is

<http://www.sendmail.ORG>

and that is the place to look for detailed instructions on how to achieve what seem like arcane tasks with sendmail.

You can even do a site search there, using the Google engine, with which you are no doubt already comfortable and familiar.

And that reveals

<http://www.sendmail.org/tips/relaying.html>

where you will find details help on which features to turn on and off in your sendmail.mc file, which once edited must be run through m4, using

#> make clean
#> make

to generate a new sendmail.cf, and details of how to configure /etc/mail/access (which also must be processed to create a db file).

Thanks for the pointer...I actually had read that page, but it does not help as I am not trying to control relaying per se. Relaying on the server is off and is not an issue.

Please read my original post carefully

I am mainly trying to control OUTBOUND mail originating by/from users on the mail server.

I believe the access.db to be key but can not find any exacting, detailed examples of how to achieve user/domain and domain/domain limitations.

If my sendmail server is A and my other mail server is B, then I want:
A accepts inbound mail only from B
A always and only allows outbound mail to B (no mail allowed to rest of world)
EXCEPT for a specified user@A that can send mail anywhere in the world.

Thanks for any help!

When you say inbound mail from B, do you mean mail relayed
from B, or only originating from B, because there is a difference.


So are these the rules -

if sender is user@A then deliver (to any given address)

elif sender is *@B then deliver on A if TO: is *@A, otherwise bounce

elif destination is *@B then send to B

I think you need to think through your rules carefully, considering
what to do in all cases, and see if you can actually achieve your results with just the access feature.

How are you going to prevent people on A forging messages?

Will not anybody on A be able to telnet to port 25 on A and send a message using a FROM field with specifieduser and thus circumvent the check?

well just modify ur sendmail.mc file as follows:
1.Disable relay_entire_domains and accept_unresolvable_domains FEATURE,if already enabled.
2.Enable relay_mail_from and if necessary relay_hosts_only FEATURE.
3.Put access_db definition if not there
now your /etc/mail/access should look like this:
(cosidering your n/w add is 192.168.1.x and your mail server A is not a gateway)
192.168.1 REJECT
From:B OK
To:B OK
From:user@A OK
To:user@A OK

then run command
makemap hash /etc/mail/access < /etc/mail/access

and start sendmail
i hope this will solve ur problem
-Sidd

Thanks for the reply, Corin, I'll try to be more specific here:

Both of these mail servers are mine:

DomainA is sendmail mta with squirrelmail hosted outside our firewall. We want to email sensitive data to customers securely, so we are hosting a webmail server where they will have accounts and we can send sensitive data there for them to view via secure web access.

DomainB is our exchange server inside our firewall, hosting our company mail, which is where the mail to our customers will originate from.

I'm setting up the webmail server so that our company can securely send mail somewhere our customers can view it (securely). I don't want any of the sensitive data forwarded out to other email accounts (even the customers'), but I have a script that will send out delivery notification to the customer to come and check their mail.

So my wishes are:
all mail between exchange and sendmail is ok. (domainA/domainB OK)
no mail delivery allowed to/from sendmail server from anywhere else (domainA/* REJECT)
user notify@domainA can send anywhere (notify@domainA/* OK)

I hope that helps everyone understand more clearly.

I have iptables running not to allow inbound port 25 connections from anywhere other than the IP of my exchange server, so that part is a non issue.

Sashhoney, I will try your suggestions but I have a question...what does the "192.168.1 REJECT" do in access file? Is that what disables delivery to everywhere except the hosts and users below?

I will try these things and post back shortly.

Ok, exactly as you suggested, substituting my actual network for 192.168.1

Sendmail is still delivering messages to outside domains for all users on the mail server.

Any other ideas?

Well as I said, after you explained in your post about the relaying (detailed at sendmail.ORG) not being the actual control you wanted to do, I have a feeling that you are going to have to roll up your sleeves and very carefully sit down and right the rules out which I tried to make an attempt at doing.

Then you are going to have to become a sendmail guru and actually handcraft these rules into your sendmail.cf, and forget about sendmail.mc since the features it provides are not fine enough for the control you want to do.

Since sendmail.cf configuration is a black art, you must proceeed very cautiously, adding/changing one one rule at a time and thoroughly testing it.

The obvious way to proceed because of the security aspect is to lock off everything first, all messages regardless of origin/destination get bounced and gradually let things through according to your criteria of matching originating user and host, and destination user and host.

If you feel that you do not wish to become an expert in the black arts of sendmail configuration, then install exim which is a much more easily configurable mailer, has security authentication with keys, and ACLs.

<http://www.exim.ORG>

Linux gives you the power to choose, but with that power comes responsibility.

well can u post ur relevant lines of senmdmail.mc file, so that we 'll be able to identify what exactly is missing.
anyway about ur first query, well if OK is used then it will override all the previously defined rules. so idea is to Reject all the relaying queries from ur n/w and allow only from ur required domain or user.
now just try to put From: and To: before ur n/w address. i dont know whether it 'll make any diff or not.

I almost have this working using only FEATURES and access file.

Here are the relevant lines of sendmail.mc:

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`relay_mail_from',`domain')
FEATURE(relay_hosts_only)
RELAY_DOMAIN(`domainB')

And the Access File:

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
domainB RELAY
From:user1@domainA RELAY
To:domaindB OK
From:domainA REJECT

This does several things right and is almost complete:
1. Allows inbound mail from domainB only
2. Does not allow users@domainA to send to outside world.
3. Allows only the user1@domainA to send to outside world (mail delivery notification)

The only thing lacking is it does not allow users@domainA to send to domainB. Incidentally, "To:domainB OK" doesn't make a difference, whether in or out, no mail goes to domainB except from user1

Almost home on this one...please help!

From:domainA REJECT

means that everything from domainA is REJECTED
even if TO domainB is OK.

user1@domainA RELAY means that this specific user
overides the domainA REJECT rule

The problem is you do not have (and cannot?)

From domainA and not TO domainB REJECT

which is what you want.

In fact your rule

To:domainB OK

allows anybody not prevented by the other rules
to send mail to domainB.

I'd like to understand the order things get processed better. What order do the features run, what overrides what else, etc.

It's strange that with the default behavior of sendmail is to reject mail unless there is an allow found in access_db, that the To:domainB OKdoesn't override the From:domainA REJECT.

Also,
The O'Reilly "Sendmail" 3rd edition that I am using say at the bottom of p 318 "If the host is listed with the RELAY_DOMAIN mc macro...it is relayed without checking the access database."

So, I added "RELAY_DOMAIN(`domainB')" to my sendmail.mc, but apparently the access_db is still checked for mail that originates locally.

I'm still hopefule there is a way to do this, that I am missing something easy here.

I very much want to avoid becoming a disciple of the dark art of sendmail rulesets!