HPE Community
Operating System - HP-UX
1855653 Members
8694 Online
104113 Solutions
New Discussion

Re: Preventing user from sending mails

 
SOLVED
Go to solution
P. Prinsloo
Advisor

‎10-22-2002 11:17 PM

‎10-22-2002 11:17 PM

Preventing user from sending mails

Hi,

Is there any way that I can stop 1 user from sending a mail on my server. Its Os is HP-UX 11
Wally
0 Kudos
Reply
6 REPLIES 6
Jean-Louis Phelix
Honored Contributor

‎10-22-2002 11:25 PM

‎10-22-2002 11:25 PM

Re: Preventing user from sending mails

Hi

Did you try /sbin/init.d/sendmail stop ?

Regards,

Jean-Louis.
It works for me (© Bill McNAMARA ...)
0 Kudos
Reply
P. Prinsloo
Advisor

‎10-22-2002 11:28 PM

‎10-22-2002 11:28 PM

Re: Preventing user from sending mails

I need everone else to work but only this one particular user on to be able to use mail
Wally
0 Kudos
Reply
Jean-Louis Phelix
Honored Contributor

‎10-22-2002 11:45 PM

‎10-22-2002 11:45 PM

Solution

Re: Preventing user from sending mails

Ok, I found this UNSUPPORTED way of doing it ... Good luck ...

Regards,

Jean-Louis.


KLTKBRC00005431
Restricting a user from using sendmail
Document Information Table
Restricting a user from using sendmail DocId: KLTKBRC00005431 Updated: 1/31/01 11:42:00 AM

PROBLEM

How can a single user be restricted from using sendmail?

CONFIGURATION
HP-UX 10.20 - 11.0
RESOLUTION

Note: the following ruleset is not supported by HP and adding the ruleset to
the sendmail.cf file renders the file as unsupported by HP. HP is not
responsible for damage to, or loss of email resulting from the use of this
ruleset. The following is offered as an example at the request of HP
customers. Deploy this ruleset at your own risk.

To restict a certain user (named 'kevin' in this example) from sending mail
beyond the local domain see the following check_compat rule set . . .

SGet_domain
R$* $: $>3 $1 focus on host
R$* <@ $+. > $* $1 <@ $2> $3 strip trailing dots
R$* <@ $+ > $* $: $2 isolate the host
R$* . $+ . $+ $@ $2 . $3 strip host and subdomains

SGet_user
R$* $: $>3 $1 focus on host
R$* <@ $+ > $* $@ $1 discard host

Scheck_compat
R$* $| $* $: $1 $| $>Get_domain $2 fetch recipient domain
R$* $| $=w $@ ok local is okay
R$* $| $m $@ ok local is okay
R$* $| $* $: $>Get_user $1 fetch sender user
Rkevin $#error $@ 5.1.3 $: "account may not mail outside domain"

First set up two subroutines. The Get_domain routine reduces its workspace to
just the domain part of an address. The Get_user reduces an address to just
the user portion. These two subroutines are called by check_compat.

The first rule in check_compat uses the Get_domain subroutine to convert the
address on the right (the recipient) into just a domain name. The right side
is compared to the local hosts names ($=w and $m). If the domain is local,
delivery is allowed.

If the domain is not local, it calls Get_user to fetch the user part of the
address on the left (the sender). If the user is 'kevin', delivery is denied.

Note that such rule sets cannot be tested in rule-testing mode because that
mode interprets the expression $| (when you enter it at the > prompt) wrongly
as two separate text characters instead of correctly as a single operator. See
Section 29.10.3, "The check_relay Rule Set" for one suggested solution to this
problem.




It works for me (© Bill McNAMARA ...)
Reply
U.SivaKumar_2
Honored Contributor

‎10-23-2002 12:02 AM

‎10-23-2002 12:02 AM

Re: Preventing user from sending mails

Hi,
Take a backup of /etc/mail/access
Edit /etc/mail/access
Add this line.

localusername REJECT

Create access.db
makemap dbm /etc/mail/access < /etc/mail/access

Hope this will work.

regards,
U.SivaKumar


Innovations are made when conventions are broken
0 Kudos
Reply
P. Prinsloo
Advisor

‎10-23-2002 01:37 AM

‎10-23-2002 01:37 AM

Re: Preventing user from sending mails

Thanks but I could not get it to work with either of the solutions.
I eventually just created an alais in the user's .profile which points to another file rather than /usr/bin/mail.

It is a simple solution but it works.
Wally
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎10-24-2002 04:53 AM

‎10-24-2002 04:53 AM

Re: Preventing user from sending mails

The alias will work only until discovered (which might be never).

In order to use the "access" database, you not only need to load and build it, you need the sendmail.cf stuff to use it:
Kaccess dbm -o /etc/mail/access
plus the rulesets to support it (lookupdomain, lookupaddress, check*). This is not trivial to do, and probably also makes your sendmail.cf non-HP-supportable.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.