Protecting internal aliases against E-Mail from external addresses.

Last Update 1999-02-08
This example ruleset protects internal aliases against mail from external senders. It uses class w to detect local senders/recipients. Attention: this protection is only based on the address information given in the envelope of the e-mail which can be easily forged.

List those aliases (which are local) in a file:

F{Internal}/etc/mail/intern.only
Then the rules work like this:
Scheck_compat
# if the recipient isn't internal, they get the mail
R$+ $| $+			$: <@> $1 $| $>3 $2
R<@>$+$|$={Internal}<@$=w.>	$: $1 $| <$2@$3>
R<@>$+$|$={Internal}		$: $1 $| <$2@$j>
# no internal alias
R<@>$+			$@ OK
# check to see if the sender is local
R<$+@$=w> $| $+		$@ OK
R$+ $| $+		$#error $: 551 $1 not allowed to send to $2
The ruleset works like this:
  1. is the recipient a local alias (listed in the file)?
  2. if no: OK
  3. if yes: the sender must be local too
  4. if it isn't: error

A more sophisticated ruleset has been posted to comp.mail.sendmail .


[(links)] [Hints] [Avoiding UBE] [cf/README] [New]
Copyright © Claus Aßmann Please send comments to: <ca@sendmail.org>