conditional auth

Hi sendmail gurus,

I'd like to achieve the following for my outgoing relay-server:

authentication should be required in general but with some exceptions:
1. No authentication needed for hosts listed in access.db (or another
map file)
2. No authentication needed for anyone with an IP-address of a certain
range e.g. 10.1.0.0/16 if the recipient address is also an address in
one of my domains (list of some domains)

Here is what I was thinking to use:

[...sendmail.mc...]
----------------8<--------------------
LOCAL_CONFIG
dnl MY-IP-ranges
C{MYips}10.1 127.0
C{notok}nope nok reject
dnl MYdomains to which we allow unauthenticated relaying from within C{MYips}
KMYdomain hash -o /etc/mail/MYdomains

LOCAL_RULESETS
Squeuegroup
R$*	$: $1
R$* @ $* mydomain.net	$# local
R$* @ $* mydomain.com	$# local
R$*	$# mqueue

dnl
dnl If authenticated -> ok in any case
dnl If not authenticated -> check rcpt domain / connection IP pair
dnl if rcpt domain = "ok" in MYdomain map AND connection IP in MYips -> ok
dnl else -> reject
SLocal_check_rcpt
R$*	$: $1 $| $>"Relay_ok" $1
R$* $| RELAY	$@ OK
R$* $| $*	$: $1
R$*	$: $&{auth_type} $| $&{client_addr} $| $1
R$+ $| $* $| $*	$@ OK
R$* $| $* $| $*	$: $2 $| $>CanonAddr $3
R$-.$-.$-.$- $| $* < @ $+ . > $*	$: $1.$2 $| $(MYdomain $6 $: nope $)
R$={MYips} $| ok	$# OK
R$* $| $={notok}	$#error $@ 5.7.1 $: "550 Relaying denied. Not authenticated"

Does this make sense? Or is there a smarter way to achieve my goal?

Thanks
Didi
Markus Luttenberger [ Tue, 21 August 2007 12:37 ] [ ID #1801805 ]
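
The relay policy the post above asks for, written as a small reference model in Python. This is an added example, not part of the original post and not sendmail code; it gives the expected accept/reject outcome for a test case so the real ruleset can be checked against it. The helper names, the `RELAY_HOSTS` set standing in for access.db entries, and all sample addresses are assumptions.

```python
import ipaddress

# Constructed sample data mirroring the post: class {MYips} and the MYdomains map.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "127.0.0.0/16")]
MY_DOMAINS = {"mydomain.net", "mydomain.com"}
# Assumption: stands in for hosts allowed to relay via access.db.
RELAY_HOSTS = {"192.0.2.25"}

DENY = "550 5.7.1 Relaying denied. Not authenticated"


def rcpt_domain(rcpt):
    """Return the lower-cased domain of a recipient, or "" if it has none."""
    _, at, domain = rcpt.strip("<>").rpartition("@")
    return domain.rstrip(".").lower() if at else ""


def relay_decision(auth_type, client_addr, rcpt):
    """Hypothetical helper: return ("OK" | "REJECT", reason) for one RCPT."""
    if client_addr in RELAY_HOSTS:            # exception 1: listed host
        return "OK", "listed relay host"
    if auth_type:                             # {auth_type} set: authenticated
        return "OK", "authenticated"
    try:
        ip = ipaddress.ip_address(client_addr)
    except ValueError:                        # unparsable address: no exception applies
        return "REJECT", DENY
    in_net = any(ip in net for net in TRUSTED_NETS)
    # Exception 2 needs BOTH conditions; the domain must match exactly, so a
    # look-alike such as mydomain.net.evil.example does not qualify.
    if in_net and rcpt_domain(rcpt) in MY_DOMAINS:
        return "OK", "internal client to own domain"
    return "REJECT", DENY


if __name__ == "__main__":
    for case in [("", "10.1.7.7", "user@mydomain.net"),
                 ("", "10.1.7.7", "user@example.org"),
                 ("", "10.2.0.1", "user@mydomain.net"),
                 ("PLAIN", "203.0.113.9", "user@example.org")]:
        print(case, "->", relay_decision(*case))
```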