Operating System - HP-UX

Restrict sendmail recipients

 
SOLVED
Dwyane Everts_1
Honored Contributor

Restrict sendmail recipients

All,

Does anyone know of a way to restrict who is authorized to use sendmail/mailx and who is authorized to receive emails from an HPUX 11.11 system? (sendmail version: 8.9.3)

Scenario:
On a development server, I want the developers to only send emails to themselves, regardless of the "To:" addressee they specify.

Perhaps, is there a script I can create?

Dwyane
6 REPLIES 6
Mel Burslan
Honored Contributor
Solution

Re: Restrict sendmail recipients

Nothing simple comes to mind but few ideas to toy with:

Part of your question was to prevent developers from sending mail to anyone other than themselves, and I believe you can do this by not configuring a smart relay server in the sendmail.cf file. So the mail sent by sendmail should stay inside the system. Developers should log in to their accounts on the server to read them. But I believe this is not what you want. You want them to send mail to themselves on your organization's, for instance, Exchange server to be read by their Outlook client. If this is the case, sorry, I do not know how to relay messages selectively to some addresses, but with the complexity of sendmail.cf, I would not be surprised to see a macro in it to facilitate this functionality.

The other part of your question is to decide who can use mailx/sendmail or any other mail sender to send mails out I believe. Well, there is a very draconian approach that I can think of. Force all users of the system to use a restricted shell. Shell we mention here should be able to use all commands but the mail related ones that you pick out. And let the developers, who I think you would allow to send mails out, use unrestricted shells, or enhance their restricted shell capabilities by the mail sending commands that you can let them use.

Sorry, no simple solutions from my end.
________________________________
UNIX because I majored in cryptology...
Steven E. Protter
Exalted Contributor

Re: Restrict sendmail recipients

You can block certain recipients pretty easily:

Add them to the /etc/mail/access file and there will be no inbound or outbound mail for all users on the list. You would need to run the gen_cf utility to implement these settings.

You could shut down the accounts themselves totally. If leroy should not send mail, then leroy in the access file will get reject on anything he sends.

Sendmail is a pretty open tool which is designed to let you send to any recipient anywhere, any legal name.

If there are specific people you don't want the system sending mail to, then /etc/mail/access will work.

To implement this you might need a sendmail macro script. Here is a location: http://www.hpux.ws/buildmail.hpux.txt

The link is currently down due to a DSL outage. It should be up shortly.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dwyane Everts_1
Honored Contributor

Re: Restrict sendmail recipients

Thanks for the input, and quick responses!

As I suspected, since trusting a programmer is not an option :), and the options will require time I don't have; I have disabled sendmail completely on the development server.

That'll teach'm to write ugly code! :)

Thanks again!!
D
Tom Danzig
Honored Contributor

Re: Restrict sendmail recipients

FYI, based on your last posting, it sounds like you have shut down the sendmail daemon. Note that this will NOT disallow sending mail; only receiving it on that host.
Steven E. Protter
Exalted Contributor

Re: Restrict sendmail recipients

You need to change permissions on the sendmail file as follows to prevent execution:

#for sure...
chmod o-x /usr/sbin/sendmail

#maybe...
chmod g-x /usr/sbin/sendmail

If you disabled the daemon in the /etc/rc.config.d/sendmail file by changing the first variable from 1 to zero, sendmail will be invoked with mailx calls.

Too bad you can't trust your developers.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dwyane Everts_1
Honored Contributor

Re: Restrict sendmail recipients

THANKS for pointing that out. I renamed sendmail to sendmail.old. :)

D
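A way to verify the two measures discussed in this thread (removing execute bits with chmod, and renaming the binary), as an added example that is not from any poster. The function names are hypothetical, and the script assumes the usual 10-character mode string printed by `ls -ld`; it reports every `sendmail*` file in a directory that a non-owner can still execute.

```shell
#!/bin/sh
# Added example: which classes of user can still execute a mail submission binary?
# usage (after sourcing): audit_dir /usr/sbin

# exec_classes FILE -> prints "missing", "none", or a subset of "owner group other"
exec_classes() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    perms=$(ls -ld "$f" | cut -c1-10)      # e.g. -r-sr-sr-x
    out=""
    # columns 4, 7 and 10 are the execute slots for owner, group, other
    for spec in owner:4 group:7 other:10; do
        class=${spec%%:*}
        col=${spec##*:}
        c=$(printf '%s' "$perms" | cut -c"$col")
        case $c in
            x|s|t) out="$out $class" ;;    # s/t = setuid, setgid or sticky WITH execute
        esac                               # S/T mean the special bit without execute
    done
    if [ -n "$out" ]; then echo "${out# }"; else echo "none"; fi
}

# audit_submission FILE -> status 0 if nobody but the owner can execute FILE
audit_submission() {
    classes=$(exec_classes "$1")
    case $classes in
        missing|none|owner) echo "OK   $1 ($classes)"; return 0 ;;
        *) echo "OPEN $1 executable by: $classes"; return 1 ;;
    esac
}

# audit_dir DIR -> checks DIR/sendmail*, so a renamed copy such as
# sendmail.old is examined too; status 1 if any file is still open
audit_dir() {
    rc=0
    for f in "$1"/sendmail*; do
        audit_submission "$f" || rc=1
    done
    return $rc
}
```

A rename keeps the file's mode, so a copy left under another name is reported the same way as the original.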