bug-mailfromd



Re: [Bug-mailfromd] sendmail access map connect: alternative


Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote:

> How can I move this check from sendmail to mailfromd?
[..]
> connect:compute-1.amazonaws.com	ERROR
> connect:adsl				ERROR
[..]

Move these records to a separate database file.  Remove the 'connect:'
prefix, it is superfluous now.  From the mfl source, resolve the client
IP address[1] and do a lookup in that database[2], e.g.

  set reject_db "/etc/mail/reject.db"

# in prog whatever
  set remote_hostname hostname(${client_addr})
  if remote_hostname = ${client_addr}
    # Hostname does not resolve
    ...
  elif dbget(reject_db, remote_hostname) == 'ERROR'
    reject
  ...

You may also use Sendmail macros client_resolve and client_name, if you
wish.  Note, however, that their semantics differ from what's returned by
hostname().  Refer to op.me section 5.2 for more info on these.

> Before this block I would like to put an email dns whitelist, that 
> bypasses this 'net' block.

Place the above in 'prog envfrom', and do email check before it.  You
may use the same database for email- and dns-based checks, if you prefix
the records with an appropriate string, say 'email:' for email-based and
'dns:' for dns-based checks:

email:foo@xxxxxxxxxxx	ACCEPT
email:bar@xxxxxxx	BYPASS
dns:baz.org		REJECT

etc.  Of course the meaning and semantics of the RHS is entirely up to
you.

Best regards,
Sergey

  
[1] http://puszcza.gnu.org.ua/software/mailfromd/manual/html_node/DNS-functions.html
[2] http://puszcza.gnu.org.ua/software/mailfromd/manual/html_node/Database-functions.html
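
Added example, not part of the original message and not mailfromd code: a Python model of the check order described above (email whitelist first, then the resolved client hostname against 'dns:' records in the same database). It goes beyond the post in one respect: Sendmail's access map also matches parent domains, while an exact-key lookup does not, so the model walks parent domains. The dict, the sample records and the function names are constructed for illustration.

```python
# Constructed records using the 'email:' / 'dns:' key prefixes from the post.
# The RHS values are site-defined; here ACCEPT/BYPASS whitelist, REJECT blocks.
SAMPLE_DB = {
    "email:postmaster@partner.example": "BYPASS",
    "dns:compute-1.amazonaws.com": "REJECT",
    "dns:adsl.isp.example": "REJECT",
}


def parent_domains(host):
    """Yield host, then each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(db, sender, client_addr, resolved_name):
    """Return (verdict, reason) for one envelope sender.

    resolved_name models the result of resolving client_addr; as in the
    post's snippet, it equals client_addr when the address does not resolve.
    """
    # 1. Email whitelist runs first and bypasses the DNS-based block.
    rhs = db.get("email:" + sender.lower())
    if rhs in ("ACCEPT", "BYPASS"):
        return ("continue", "email whitelist: " + rhs)

    # 2. Unresolvable client: the post leaves this policy open ("..."),
    #    so the model only reports it and lets the caller choose.
    if resolved_name == client_addr:
        return ("unresolved", "no PTR for " + client_addr)

    # 3. DNS block: try the full name, then each parent domain, so that
    #    "compute-1.amazonaws.com" also covers hosts below it.
    for name in parent_domains(resolved_name):
        if db.get("dns:" + name) == "REJECT":
            return ("reject", "dns:" + name)
    return ("continue", "no match")


if __name__ == "__main__":
    host = "ec2-192-0-2-10.compute-1.amazonaws.com"  # constructed hostname
    print(decide(SAMPLE_DB, "someone@other.example", "192.0.2.10", host))
    print(decide(SAMPLE_DB, "Postmaster@partner.example", "192.0.2.10", host))
    print(decide(SAMPLE_DB, "someone@other.example", "192.0.2.99", "192.0.2.99"))
```

An exact-key lookup of the full hostname finds nothing in this sample database; only the parent-domain walk reaches the `dns:compute-1.amazonaws.com` record.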