[opensuse] Sendmail authentication/authorization question
I have smtp auth working fine with sendmail on opensuse 13.1 - users have to authenticate to the box (which gets handled by Active Directory via samba etc but that is a different story) and users can use the opensuse 13.1 server to send outgoing email only after successfully authenticating.

However, now I have a need to allow only certain users, and not all authenticated users, to be able to send outgoing mail through sendmail. Does anyone know how one can specify a list of users that sendmail would accept while rejecting all others, even ones who have authenticated fine?

Thanks in advance for any help

--
--Moby

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On Fri, 14 Mar 2014 18:03:22 -0500 Moby <moby@mobsternet.com> wrote:
> However, now I have a need to allow only certain users, and not all authenticated users, to be able to send outgoing mail through sendmail. Does anyone know how one can specify a list of users that sendmail would accept while rejecting all others, even ones who have authenticated fine?

I have not done exactly that. I have only checked on whether authenticated at all.

You can access $&{auth_authen} to find the authentication information, then perhaps check that in a database lookup to see if approved.

If you put the check in a "Local_check_rcpt" ruleset, you could check if the recipient is local, but deny for a non-local recipient unless from an authenticated user in your allowed list.

You will probably need to reference the sendmail operations manual, in "/usr/share/doc/packages/sendmail" for details.

On 03/15/2014 12:40 PM, Neil Rickert wrote:
> On Fri, 14 Mar 2014 18:03:22 -0500 Moby <moby@mobsternet.com> wrote:
>> However, now I have a need to allow only certain users, and not all authenticated users, to be able to send outgoing mail through sendmail. Does anyone know how one can specify a list of users that sendmail would accept while rejecting all others, even ones who have authenticated fine?
> I have not done exactly that. I have only checked on whether authenticated at all.
> You can access $&{auth_authen} to find the authentication information, then perhaps check that in a database lookup to see if approved.
> If you put the check in a "Local_check_rcpt" ruleset, you could check if the recipient is local, but deny for a non-local recipient unless from an authenticated user in your allowed list.
> You will probably need to reference the sendmail operations manual, in "/usr/share/doc/packages/sendmail" for details.

Thanks Neil, I will investigate down that path. I was sure this would have been a common enough thing but I guess not - even copious amounts of googling do not turn up any clear-cut solutions.

--
--Moby

On 03/15/2014 12:40 PM, Neil Rickert wrote:
> On Fri, 14 Mar 2014 18:03:22 -0500 Moby <moby@mobsternet.com> wrote:
>> However, now I have a need to allow only certain users, and not all authenticated users, to be able to send outgoing mail through sendmail. Does anyone know how one can specify a list of users that sendmail would accept while rejecting all others, even ones who have authenticated fine?
> I have not done exactly that. I have only checked on whether authenticated at all.
> You can access $&{auth_authen} to find the authentication information, then perhaps check that in a database lookup to see if approved.
> If you put the check in a "Local_check_rcpt" ruleset, you could check if the recipient is local, but deny for a non-local recipient unless from an authenticated user in your allowed list.
> You will probably need to reference the sendmail operations manual, in "/usr/share/doc/packages/sendmail" for details.

Could one use a milter (such as mailfromd milter) for this purpose? Maybe have the milter check envfrom's auth_type to see if mail is being relayed for an authenticated user, then lookup the username in some local file?

--
--Moby
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin

On Sat, 15 Mar 2014 14:24:02 -0500 Moby <moby@mobsternet.com> wrote:
> Could one use a milter (such as mailfromd milter) for this purpose? Maybe have the milter check envfrom's auth_type to see if mail is being relayed for an authenticated user, then lookup the username in some local file?

Yes, I believe so. However, I will admit to never writing a milter, so I don't have experience with that.
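
Added example, not part of the original thread: the per-recipient decision that both suggestions above reduce to, whether it is made in a "Local_check_rcpt" ruleset with a database lookup or in a milter that reads {auth_authen}. The function names, the allow-list file format, the sample accounts and domains, and the case-insensitive username comparison are assumptions made for illustration.

```python
# Added illustration, not code from the thread. Accounts, domains and the
# allow-list file format are constructed assumptions.

def parse_allowlist(text):
    """One account per line; '#' starts a comment; names are case-folded."""
    allowed = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            allowed.add(name.casefold())
    return allowed

def rcpt_domain(rcpt):
    """Domain of an envelope recipient such as '<bob@Example.org>'."""
    addr = rcpt.strip().strip("<>")
    _local, sep, domain = addr.rpartition("@")
    return domain.casefold().rstrip(".") if sep else ""

def check_rcpt(auth_authen, rcpt, local_domains, allowed):
    """Return (verdict, reason) for one RCPT TO.

    auth_authen stands for sendmail's {auth_authen} macro: empty or None
    when the client did not authenticate.
    """
    domain = rcpt_domain(rcpt)
    if not domain or domain in local_domains:
        return ("accept", "local recipient")          # inbound mail is unaffected
    if not auth_authen:
        return ("reject", "relaying denied: not authenticated")
    if auth_authen.casefold() in allowed:
        return ("accept", "authenticated account is on the allow-list")
    # Authenticated, but not approved for outgoing mail: fail closed.
    return ("reject", "relaying denied: account not on the allow-list")

ALLOWLIST_TEXT = """\
# accounts permitted to send outgoing mail (constructed sample)
alice
Carol   # case differences are ignored
"""
LOCAL_DOMAINS = {"example.org"}

def demo():
    allowed = parse_allowlist(ALLOWLIST_TEXT)
    cases = [("alice", "<x@remote.example>"), ("bob", "<x@remote.example>"),
             ("bob", "<staff@Example.org>"), ("", "<x@remote.example>")]
    return [check_rcpt(a, r, LOCAL_DOMAINS, allowed)[0] for a, r in cases]

if __name__ == "__main__":
    print(demo())
```

The ordering matters: the local-recipient test comes first so that restricting outgoing mail does not block authenticated users from mailing local addresses, and an authenticated account that is missing from the list is rejected rather than falling through to the default relay-for-authenticated behaviour.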