Recipient address verification...

Hi folks,

I'm trying to solve an issue regarding recipient address verification.

First of all my setup looks this way:

external MTA --- Firewall --- internal MTA

Currently the external MTA is configured as a backup MX. It accepts all email
for example.com and forwards it via a mailertable-entry thru the firewall to the
internal MTA.

Due to the increasing amount of SPAM (sigh) I am looking for a way to block all
invalid recipients at the external MTA instead of forwarding everything to the
internal MTA.

Luckily the internal MTA gets its config via LDAP. Therefore my plan is/was to
push the necessary configuration with slurp to the external MTA and do some kind
of recipient address verification.

My first try was to write a Local_check_rcpt ruleset that looks up the recipient
in access_db (prefixed with rav:). But unfortunately it seems that while my
ruleset works when called via sendmail -bt it does not during an SMTP session.

The ruleset is pretty straightforward, if somehow a bit crude:

---------- CUT HERE ----------
LOCAL_RULESETS
SLocal_check_rcpt
R$*	$: <$( access rav : $1 $: REJECT $)> $1
R<OK> $+	$# ok
R<REJECT> $*	$# error $@ 5 . 7 . 1 $: 550 Access denied
---------- CUT HERE ----------

the access file looks like this

---------- CUT HERE ----------
rav:foo@example.com OK
to:example.com RELAY
---------- CUT HERE ----------

Oh and the whole show is supposed to run on an SLES 10/sendmail 8.13.6

Any idea?

--


Kind regards...

...Christian 'poedi' Nordmann



orgatech GmbH - Your partner for all things Internet

Scheideweg 65 - D-26121 Oldenburg - fon +49-441-98347-0 - fax +49-441-98347-29

Managing Director Claus Plachetka - HRB 4521 - Oldenburg District Court
Tax no. 64/211/01406 - VAT-ID: DE220516052

Keyid/-fingerprint: 73C811B6/5752 B408 D2DD D2DA 361B 8B83 94AA 8F24 73C8 11B6
Christian poedi Nordm [ Thu, 09 August 2007 11:15 ] [ ID #1791340 ]

Re: Recipient address verification...

Christian poedi Nordmann wrote:

> My first try was to write a Local_check_rcpt ruleset that looks up the recipient
> in access_db (prefixed with rav:). But unfortunately it seems that while my
> ruleset works when called via sendmail -bt it does not during an SMTP session.
>
> The ruleset is pretty straightforward, if somehow a bit crude:
>
> ---------- CUT HERE ----------
> LOCAL_RULESETS
> SLocal_check_rcpt
> R$*	$: <$( access rav : $1 $: REJECT $)> $1
> R<OK> $+	$# ok
> R<REJECT> $*	$# error $@ 5 . 7 . 1 $: 550 Access denied
> ---------- CUT HERE ----------
>
> the access file looks like this
>
> ---------- CUT HERE ----------
> rav:foo@example.com OK
> to:example.com RELAY
> ---------- CUT HERE ----------
>
> Oh and the whole show is supposed to run on an SLES 10/sendmail 8.13.6
>
> Any idea?

Test for < and > around the address and remove those if present.
Put this as the first rule in Local_check_rcpt:

R< $* >	$1


And make sure you can handle locally generated mail (output of cron jobs
for example) directed to local aliases. You probably want to skip
this recipient lookup in the access table if the mail originated locally.

Regards,

Kees.

--
Kees Theunissen.
Kees Theunissen [ Thu, 09 August 2007 12:29 ] [ ID #1791342 ]
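
Added example, not part of any post in this thread: a simplified Python model of the lookup discussed above, showing why the same access entry matches when the address is typed into sendmail -bt but not when it arrives in an SMTP session, until the surrounding angle brackets are stripped. The function names are hypothetical, the access lines are constructed sample data, and the lower-casing of keys is an assumption that mirrors sendmail's default map behaviour.

```python
# Simplified model of the thread's Local_check_rcpt lookup.
# Not sendmail code: function names are hypothetical, data is constructed.

# Constructed sample access file in the format shown in the thread.
ACCESS_TEXT = """\
rav:foo@example.com   OK
to:example.com        RELAY
"""


def load_access(text):
    """Parse 'key value' lines into a dict (keys lower-cased, an assumption)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table


def strip_brackets(workspace):
    """Model of the rule 'R< $* > $1': drop one surrounding <...> pair."""
    if workspace.startswith("<") and workspace.endswith(">"):
        return workspace[1:-1].strip()
    return workspace


def check_rcpt(workspace, table, strip=True):
    """Return (verdict, key_looked_up) for a given check_rcpt workspace."""
    addr = strip_brackets(workspace) if strip else workspace
    key = "rav:" + addr.lower()
    value = table.get(key, "REJECT")   # '$: REJECT' default of the map lookup
    if value == "OK":
        return ("ok", key)             # R<OK> $+      -> $# ok
    if value == "REJECT":
        return ("REJECT", key)         # R<REJECT> $*  -> $# error
    return ("fallthrough", key)        # no rule matched; later checks decide


if __name__ == "__main__":
    table = load_access(ACCESS_TEXT)
    # Bare address as typed in -bt, then the forms an SMTP session hands over.
    for ws in ("foo@example.com", "<foo@example.com>", "<bar@example.com>"):
        for strip in (False, True):
            print(f"{ws!r:24} strip={strip!s:5} -> {check_rcpt(ws, table, strip)}")
```

Without the strip step the key becomes rav:<foo@example.com>, which is not in the table, so a valid recipient is rejected.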

Re: Recipient address verification...

Kees Theunissen wrote:

> Test for < and > around the address and remove those if present.
> Put this as the first rule in Local_check_rcpt:
>
> R< $* > $1

*d'uh* I definitely need some days off...

O'Reilly's Bat, 2nd Edition, says it on page 509:

"The workspace that is passed to check_rcpt receives is the address following
the colon."

Call me Homer J.;)

> Regards,
> Kees.

--


Kind regards...

...Christian 'poedi' Nordmann
Christian poedi Nordm [ Thu, 09 August 2007 14:19 ] [ ID #1791345 ]