
email for some, not for others

 
Fred Martin_1
Valued Contributor


I have a single HP-UX machine. It is our sendmail server, and our main database server.

All users have a unix account, and therefore email access - for internal company email.

For certain "authorized by policy" users, there is an entry in sendmail's userdb, which gives them a pretty name to use for internet email (our login names are not pretty).

Only those with a userdb entry are supposed to be sending/receiving outside the company.

Is there a way in sendmail to enforce this?

Some users only have unix access (terminals) and some have PCs that POP in for mail.

Again, they all have email for internal use.

My firewall already only allows mail packets to and from my unix server, so they have to go through it in any case.

It's a bit complex because sendmail needs to relay for my own network but not others; needs to allow local email for all that have an account on the unix machine; but should only send or receive email to other networks (internet) if they have a userdb entry.
fmartin@applicatorssales.com
Geoff Wild
Honored Contributor

Re: email for some, not for others

I'm on course right now, so I'm not positive but, if you create an access.db (makemap hash) on /etc/mail/access with a list of all the ids:

yourdomain.com REJECT
user1@yourdomain.com OK
user2@yourdomain.com OK

That will reject everything except those you say OK for - not too sure if it stops them from sending though.....

When I get a chance, I'll look further - unless someone else replies.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Fred Martin_1
Valued Contributor

Re: email for some, not for others

I think that will also stop them from using mail for local sending/receiving? I have an access file already set up to stop some spam, so I'll test it in any case.
fmartin@applicatorssales.com
Geoff Wild
Honored Contributor

Re: email for some, not for others

Yes - that is correct - it will block your other users from local mail....sorry about that...wrong answer...

I think you may have to write your own sendmail rulesets to accomplish what you want to do....

Rgds...Geoff
Geoff Wild
Honored Contributor

Re: email for some, not for others

Have a look at:

http://www.sendmail.org/~ca/email/restrict.html

Rgds...Geoff
Steven E. Protter
Exalted Contributor

Re: email for some, not for others

This function is normally handled in the /etc/mail/aliases file

It has entries like this:

schmobagel stevenprotter@yourdomain.net


Setting this and restarting sendmail should do the job.

Sometimes however you won't get the right address on outbound mail under these circumstances.

Then you need entries in:

/etc/mail/virtusertable

/etc/mail/genericstable


These are tab delimited and provide a user database to make sure outbound and inbound mail gets to the right user.


virtusertable
stevenprotter@yourdomain.net schmobagel


genericstable is the reverse

schmobagel stevenprotter@yourdomain.net


To get these into the databases requires running the gen_cf utility that ships with HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Martin_1
Valued Contributor

Re: email for some, not for others

Geoff,

The article on sendmail.org is interesting - I looked at my sendmail.cf file and there already is a "Local_check_rcpt" rule ... it looks like this:

SLocal_check_rcpt
Scheck_rcpt
R$* $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$* $#$2
.....etc......

There's a note in that article about having more than one Local_check_rcpt, I'll need to read up on all this.
fmartin@applicatorssales.com
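
While a ruleset is being worked out, the policy from the original question (only users with a userdb entry exchange mail with the outside) can be audited from the mail log. The script below is an added example, not code from any poster in this thread; the domain example.com, the userdb source lines and the abbreviated log lines are constructed, and it assumes the usual sendmail log layout in which from= and to= records share a queue id.

```python
import re

LOCAL_DOMAIN = "example.com"  # assumption: the site's own mail domain (exact match only)

# Constructed userdb source: login:mailname and pretty-name:maildrop pairs.
USERDB = """\
jsmith:mailname John.Smith@example.com
John.Smith:maildrop jsmith
"""

# Constructed, abbreviated sendmail syslog lines; from= and to= share a queue id.
MAILLOG = """\
Mar  3 09:01:12 mailhost sendmail[2101]: h23E1CA02101: from=<jsmith@example.com>, size=812, nrcpts=1, relay=pc14.example.com
Mar  3 09:01:13 mailhost sendmail[2103]: h23E1CA02101: to=<buyer@partner.test>, delay=00:00:01, mailer=esmtp, stat=Sent
Mar  3 09:07:40 mailhost sendmail[2200]: h23E7eB02200: from=bjones, size=455, nrcpts=2, relay=bjones@localhost
Mar  3 09:07:40 mailhost sendmail[2202]: h23E7eB02200: to=jsmith, delay=00:00:00, mailer=local, stat=Sent
Mar  3 09:07:41 mailhost sendmail[2202]: h23E7eB02200: to=<friend@outside.test>, delay=00:00:01, mailer=esmtp, stat=Sent
Mar  3 09:15:02 mailhost sendmail[2300]: h23EF2C02300: from=<sales@vendor.test>, size=2040, nrcpts=1, relay=mx.vendor.test
Mar  3 09:15:02 mailhost sendmail[2301]: h23EF2C02300: to=<bjones@example.com>, delay=00:00:00, mailer=local, stat=Sent
"""

def authorized_names(userdb_text):
    """Logins and pretty names that appear in a userdb mailname/maildrop entry."""
    names = set()
    for key, value in re.findall(r"^(\S+):mail(?:name|drop)\s+(\S+)", userdb_text, re.M):
        names |= {key.lower(), value.split("@")[0].lower()}
    return names

def split_addr(addr):
    """Return (local part, domain); a bare login belongs to the local domain."""
    local, _, domain = addr.strip("<>").lower().partition("@")
    return local, domain or LOCAL_DOMAIN

def audit(log_text, allowed):
    """List (queue id, direction, local user) for external mail of unlisted users."""
    senders, hits = {}, []
    for qid, kind, addrs in re.findall(r"sendmail\[\d+\]: (\w+): (from|to)=(\S+), ", log_text):
        if kind == "from":
            senders[qid] = split_addr(addrs)
        elif qid in senders:
            s_local, s_dom = senders[qid]
            for r_local, r_dom in map(split_addr, addrs.split(",")):
                if s_dom == LOCAL_DOMAIN and r_dom != LOCAL_DOMAIN and s_local not in allowed:
                    hits.append((qid, "outbound", s_local))
                elif s_dom != LOCAL_DOMAIN and r_dom == LOCAL_DOMAIN and r_local not in allowed:
                    hits.append((qid, "inbound", r_local))
    return hits

if __name__ == "__main__":
    for hit in audit(MAILLOG, authorized_names(USERDB)):
        print(*hit)
```

Internal mail (bjones to jsmith) is never reported; only messages that cross the domain boundary for a user without a userdb entry are.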