Messaging
cancel
Showing results for 
Search instead for 
Did you mean: 

allow e-mail in accesslist with ok option in sendmail

Michael Hayes_6
Occasional Visitor

allow e-mail in accesslist with ok option in sendmail

Hi,

I have an acceslist in sendmail 8.9.11 which blocks domains of known spammers, i also block domains like yahoo.com. Now i want to allow some e-mail adresses from yahoo.com like mike@yahoo.com.

I've created a new sendmail.cf with the file generic-hpux10.mc. Below the options which included:

divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
FEATURE(always_add_domain)dnl
FEATURE(`access_db',`hash /etc/mail/access')dnl
FEATURE(`delay_checks', `friend')dnl
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(`dnsbl', `list.dsbl.org', `"554 Rejected " $&{client_addr} " found in li
st.dsbl.org"')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`accept_unqualified_senders')dnl
FEATURE(`nocanonify', `canonify_hosts')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(openmail)dnl
MAILER(uucp)dnl

It now should be possible to allow some e-mail adresses with the following line in access:

yahoo.com REJECT
mike@yahoo.com OK

All mail from yahoo.com should be blocked except from mike@yahoo.com. The problem is that this doesn't work. All the testmail are send back to sender with the message access denied. This message refers to yahoo.com REJECT.

Anyone any ideas why this option doesn't work?
many in advance

Michael
4 REPLIES
Berlene Herren
Honored Contributor

Re: allow e-mail in accesslist with ok option in sendmail

Have you tried using tag entries in the access map?

Three tags are available. They are:
â Connect: connection information (${client_addr}, ${client_name})
â From: sender
â To: recipient
If the required item is looked up in a map, it will be tried with the
corresponding tag in front, then without any tag (as a fallback to
enable backward compatibility). For example,
From:spammer@some.dom REJECT
To:friend.domain RELAY
Connect:friend.domain OK
Connect.from.domain RELAY
http://www.mindspring.com/~bkherren/dobes/index.htm
Christopher Caldwell
Honored Contributor

Re: allow e-mail in accesslist with ok option in sendmail

From
http://www.sendmail.org/~ca/email/chk-89-1.html

The access map can have domain names, e-mail addresses, local parts of e-mail addresses, and IP addresses (complete or subnets), as LHS. The lookup of data in the check_* rulesets is usually done against the most specific entry first. So it is possible to override rejections of full domains with acceptance of e-mail addresses. For example, it seems to be possible to reject all mail from SOME.DOMAIN but accept mail from FRIEND@SOME.DOMAIN by using:

FRIEND@SOME.DOMAIN OK
SOME.DOMAIN REJECT

However, the access map is also used in check_relay ruleset. So if e-mail with an address like user@SOME.DOMAIN comes from a site with the hostname SOME.DOMAIN (or HOST.SOME.DOMAIN), it will be rejected by check_relay .
Steven E. Protter
Exalted Contributor

Re: allow e-mail in accesslist with ok option in sendmail

the access file probably processes top to bottom.

yahoo.com REJECT
mike@yahoo.com OK

change to

mike@yahoo.com OK
yahoo.com REJECT

Watch the mail.log file with a tail -f when mike is trying to send mail.

If you see the reject, you need better rules, because access is processing rules from general to specific.

If that is the case then if you reject yahoo.com you reject mike. End of story.

Your solution to the fact that people use yahoo accounts to send spam is draconian in my opinion.

Try what I suggest and read the sendmail link above and you'll get a better understanding of whats going on.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Michael Hayes_6
Occasional Visitor

Re: allow e-mail in accesslist with ok option in sendmail

Hi al,

Thanks for your reply's. I'll try the suggested solutions and let you know th result.

Michael