Hi,
I'm looking for a way, in sendmail, to set access rule, saying:
Accept messages for domain.com only from this IP address.
I did some research yesterday, but could only find a way to restrict by
IP for all domains managed by sendmail.
Any ideas?
Regards,
Ugo
On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:> Hi, > > I'm looking for a way, in sendmail, to set access rule, saying: > > Accept messages for domain.com only from this IP address. > > I did some research yesterday, but could only find a way to restrict by > IP for all domains managed by sendmail. > > Any ideas?It is overkill for this one job, but if you add MimeDefang (http://www.mimedefang.org) as a milter, you can easily add tests like that in perl in your filter code. Well maybe it's not overkill compared to learning how to write sendmail rulesets in its own macro language - and if you want to add virus or spam scans it is a big win. -- Les Mikesell lesmikesell at gmail.com
Ugo Bellavance schrieb:> Hi, > > I'm looking for a way, in sendmail, to set access rule, saying: > > Accept messages for domain.com only from this IP address. > > I did some research yesterday, but could only find a way to restrict > by IP for all domains managed by sendmail. > > Any ideas? > > Regards, > > UgoJust add a LOCAL_RULESET to sendmail.mc. Not that hard to realize. Alexander
Ugo Bellavance wrote:> Hi, > > I'm looking for a way, in sendmail, to set access rule, saying: > > Accept messages for domain.com only from this IP address. > > I did some research yesterday, but could only find a way to restrict by > IP for all domains managed by sendmail. > > Any ideas?Yes, add a lookup to check sending host ip against domain and add some rules to check. This has been tested in sendmail ruleset testing mode only...you probably want to run some tests of your own. eg: your sendmail is configured to relay for example.org. Add a domainip berkeley db. example.org 192.168.10.4 in domainip Add a map to sendmail.cf (after access map in this example) # Access list database (for spam stomping) Kaccess hash -T<TMPF> -o /etc/mail/access.db # Domain ip list Kdomainip hash /etc/mail/domainip.db # Configuration version number DZ8.13.1 Add rules to check sending host ip (client_addr) against domain. Put the four missing lines in your Local_check_rcpt ruleset. You cannot just copy and paste from this mail. Put a tab/tabs between the $: and $#error and the > character of each line ###################################################################### ### check_rcpt -- check SMTP `RCPT TO:' command argument ###################################################################### SLocal_check_rcpt R< $- @ $* > $: < $(domainip $2 $: ? $) > R<$&{client_addr}> $: OK R<?> $: OK R<$*> $#error $@ 5.7.1 $: "550 Relaying denied" Scheck_rcpt R$* $: $1 $| $>"Local_check_rcpt" $1 R$* $| $#$* $#$2 R$* $| $* $@ $>"Basic_check_rcpt" $1