Operating System - HP-UX
1745813 Members
3781 Online
108722 Solutions
New Discussion юеВ

Re: Blocking an user all outgoing mails

 
Sudhakar.J
Advisor

Blocking an user all outgoing mails

Hi,

I have HP-UX 11i running with sendmail 8.9.3

By using DS macro in sendmail, I relay all my email trafiic to an exchange server.

Now my requirement is to block all outgoing mails of a particular user in this server otherthan restricting in exchange server. Whats the best workaround?

PS:This server is not used to receive any incoming mail traffic.

ATB
Sudhakar
5 REPLIES 5
Denver Osborn
Honored Contributor

Re: Blocking an user all outgoing mails

I don't know a lot about MS Exchange, but if you were to manage to keep the user from using any mail programs, would they be allowed to "telnet exchange 25
ehlo hpuxhost
mail from: user@domain..."
to send en email using their shell on the hpux box?

-denver
Sudhakar.J
Advisor

Re: Blocking an user all outgoing mails

Hi,

Thanks for the reply.

Mails will be sent thru ORACLE APPLICATIONS
not from shell prompt.

Soo dont have to worry about hacking.

Prime reuiqrement is to block all outgoing mails of these APPLICATION users.

ATB
Sudhakar
Mic V.
Esteemed Contributor

Re: Blocking an user all outgoing mails

Then I'd say the best answer is to program the Oracle application to disallow them from sending mail...

Mic
What kind of a name is 'Wolverine'?
Steven E. Protter
Exalted Contributor

Re: Blocking an user all outgoing mails

If the user has an os account then you do the following:

add a group called nomail

change the users primary group to nomail in /etc/groups or with sam

change permissions on the sendmail binary to disallow access if not in the same group

chmod g-x sendmail

This may impact other users.

If this is an oracle user sending mail out of an oracle application:

1) shelling out, oracle provides no environment, there should be no way of using the sendmail binary other than the mail product oracle provides.

2) Item 1 being true, working the oracle applicaiton over is a better option.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Blocking an user all outgoing mails

Actually for the sendmail part, its probably easier to add a line to the /etc/mail/access

username@hostname REJECT

Thats tab delimited.

http://www.hpux.ws/buildmail.hpux.text

This script will help you build the sendmail macro file to implement the access file.


Good Luck,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com