Re: [SLUG] One for the smtp routing guru's

2000-12-08 Thread Peter Rundle

Thanks Tom for the info on libmilter, I will go have a look
at it on Monday. I still have to work out how to combine it 
with the ldap authenticate smtp part (got that working in 
another mta).


Cheers

Pete


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug



Re: [SLUG] One for the smtp routing guru's

2000-12-07 Thread tom burkart

Peter Rundle said:

> without any tampering, others however are obviously evil and their
> mail must go via the corporate server to have whatever degrading
> indignities are to be imposed on them (virus scanning, long winded
> legalese tacked on the end, all nudie pictures removed etc...)
This can all be done with libmilter (part of the sendmail distribution).

> you have to put OSS between "commercial" software and the internet to
> stop it from becoming spam central. ;-)
Sendmail these days comes with a lot of SPAM stomping features...

> Of course a smart user might try to set their "mail from" to something
> else and put a quiet note in the body of the message requesting the
> recipient not reply to the envelope address but to the address written
> ...
> this doesn't match the envelope "mail from" something nasty might happen
> to their e-mail...
libmilter again.

> Now the tricky bit, if the "mail from" is NOT in the "naughty users
> list" their mail gets released to the ether undamaged, otherwise, their
> mail is routed to the corporate server for appropriate tampering before
> heading out.
ditto.

All you have to do is to write a mail filter program that does all this
(or multiples that do a bit at a time).  Ok, this is a pretty new feature
in sendmail but I am working on one that does virus scanning...  The guys
who wrote the scanner have actually used a rather clever feature in
sendmail so they can use a mailer to send all the mail to the mailer first
and the mailer re-injects the mail into sendmail who then delivers it to
the final destination.  That way all the mail goes through the mailer who
can do with it as it pleases (including throwing it into a black hole).

Ok, this is more than just tweaking the *.cf file...  My statement was
that it can be done.  BTW, I have dealt with both sendmail and qmail and
my choice is sendmail.  Yes, I know, the learning curve for sendmail IS
much steeper but it is much more feature-rich (and potentially
bug-prone).  Further, I do have to refer to the doco quite often as I
DON'T remember everything about it.

tom.
Consultant

AUSSEC    Phone: 61 4 1768 2202
339 Blaxland Rd., Ryde NSW 2112
Email: [EMAIL PROTECTED]






Re: [SLUG] One for the smtp routing guru's

2000-12-07 Thread Jamie Honan


> Some users are allowed to have their e-mail delivered
> without any tampering, others however are obviously evil and their
> mail must go via the corporate server to have whatever degrading
> indignities are to be imposed on them (virus scanning, long winded
> legalese tacked on the end, all nudie pictures removed etc...)

Why not go the whole hog and do polygraph tests to see who really
harbours evil intents?

Or, if the evil is deep-rooted, a priest for an exorcism?

Perhaps the evil lies in the eye of the beholder? Perhaps
those in control are afraid of what's in their own hearts,
are afraid that one tenth of it lies in those of others.

Good luck with the MTA, but I think you are chasing shadows.

Jamie






Re: [SLUG] One for the smtp routing guru's

2000-12-07 Thread Rodos

On Thu, 7 Dec 2000, tom burkart wrote:

> Yeah, but sendmail can do all this...  Even if you shake your head in
> disbelief - or was it just because you or Rodos can't do it :-P

So why leave us in suspense Tom, if it's so easy give us all an education. I
guess if people already knew the answer they would not be asking.

Rodos

-- 
[EMAIL PROTECTED] | The first 90% of the code accounts for 90% of the
Camion Technology | development time. The remaining 10% of the code
+61 2 9873 5105   | accounts for the other 90% of the development time.
  |   [Tom Cargill]






Re: [SLUG] One for the smtp routing guru's

2000-12-07 Thread tom burkart

On Thu, 7 Dec 2000, Peter Rundle wrote:

> Sendmail seems to be in the way way too hard basket (besides Rodos said
> it wouldn't work anyway). So perhaps I need to look at qmail or see if
> our local resident perl genius can really "whip up my own mta". I just 
> love these guys that can build a nuclear reactor with three lines of 
> perl code.
Yeah right.  Qmail?  ROFL!  3 lines of perl maybe!

> Many different users set their mua to use the mail server as their
> outbound smtp. Some users are allowed to have their e-mail delivered
> ...
Yeah, but sendmail can do all this...  Even if you shake your head in
disbelief - or was it just because you or Rodos can't do it :-P

tom.
Consultant

AUSSEC    Phone: 61 4 1768 2202
339 Blaxland Rd., Ryde NSW 2112
Email: [EMAIL PROTECTED]






Re: [SLUG] One for the smtp routing guru's

2000-12-07 Thread Peter Rundle

> That whoosh you just heard was the sound of the joke going way over your
> head.

No that whoosh was the sound of the sendmail config going way over my
head ;-)

Sendmail seems to be in the way way too hard basket (besides Rodos said
it wouldn't work anyway). So perhaps I need to look at qmail or see if
our local resident perl genius can really "whip up my own mta". I just 
love these guys that can build a nuclear reactor with three lines of 
perl code.

Anyway, for the curious, the point of the exercise is.

Many different users set their mua to use the mail server as their
outbound smtp. Some users are allowed to have their e-mail delivered
without any tampering, others however are obviously evil and their
mail must go via the corporate server to have whatever degrading
indignities are to be imposed on them (virus scanning, long winded
legalese tacked on the end, all nudie pictures removed etc...)

Why can't I just tell the good guys to use the mta, and the bad guys
the corporate e-mail server? Well...there's this "firewall" thing so
the corporate server only accepts mail from the mta... (well sometimes
you have to put OSS between "commercial" software and the internet to
stop it from becoming spam central. ;-)

Of course a smart user might try to set their "mail from" to something
else and put a quiet note in the body of the message requesting the
recipient not reply to the envelope address but to the address written
in the message body. Thus they could maybe get around the system and
have their e-mails set free onto the ether without corporate tampering.

But unfortunately for them, their e-mail admin has foreseen this and is
busy working out how to configure the smtp agent to use authenticated
smtp to fetch the user's "mail" attribute from the ldap directory. If
this doesn't match the envelope "mail from" something nasty might happen
to their e-mail...

Now the tricky bit, if the "mail from" is NOT in the "naughty users
list" their mail gets released to the ether undamaged, otherwise, their
mail is routed to the corporate server for appropriate tampering before
heading out.

Clear as Mud?

rgds

Pete





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread John Clarke

On Thu, Dec 07, 2000 at 03:43:14PM +1100, tom burkart wrote:

> > Just wait until next time you have to hack sendmail.cf, you'll wish it
> Hack sendmail.cf???  What do we have m4 for?  I have better things to

That whoosh you just heard was the sound of the joke going way over your
head.


Cheers,

John
-- 
whois [EMAIL PROTECTED]





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread Jeff Waugh



> Hack sendmail.cf???  What do we have m4 for?  I have better things to
> waste my time on.


Maybe like a modern modular mailer?

I wouldn't usually do the "use postfix" thing, but that alliteration was
*way* too good to waste.

- Jeff


-- [EMAIL PROTECTED] --- http://linux.conf.au/ --

 "Free software never simply picks up its marbles and goes home." - 
Jonathan Corbet, LWN





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread tom burkart

On Thu, 7 Dec 2000, John Clarke wrote:

> Just wait until next time you have to hack sendmail.cf, you'll wish it
Hack sendmail.cf???  What do we have m4 for?  I have better things to
waste my time on.

tom.
Consultant

AUSSEC    Phone: 61 4 1768 2202
339 Blaxland Rd., Ryde NSW 2112
Email: [EMAIL PROTECTED]






Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread John Clarke

On Thu, Dec 07, 2000 at 11:33:02AM +1100, Rodos wrote:

> Who ever thought sendmail would be so easy!

Just wait until next time you have to hack sendmail.cf, you'll wish it
really was that easy :-)


Cheers,

John
-- 
>Either too much or not enough drugs...
Hands up, everyone who thought "sendmail.cf".
 -- Adam J. Thornton





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread Rodos

On Thu, 7 Dec 2000, John Clarke wrote:

> >  # pass names that still have a host to a smarthost (if defined)
> >  R$* < @ $* > $*    $: $>95 < $S > $1 < @ $2 > $3    glue on smarthost name
>
> Correction.  This is actually inside Parse1.  Ruleset 0 calls Parse0,
> then ruleset 98, then Parse1.  Ruleset 98 is the place to put all your
> local hacks. This can be done with `LOCAL_RULE_0' and `LOCAL_RULESETS'
> in the .mc file.

Yes I saw this when I did some more hunting and reading of the bat book.

> Anyway, it doesn't help.  Ruleset 0 works on the *recipient's* address.
> If I understand correctly, you want to change the delivery based on the
> sender's address.

Yep, that's why I suggested adding something to the to domain.

> A simpler alternative is to modify the recipient's addresses when you
> want to relay via a different host.  To send to `user@domain' via
> `relay', try `user%domain@relay'.  I've tested it here and it seems to
> work OK, but only if `relay' will relay mail from your IP address. Be
> careful you don't create an open relay for spammers to exploit.

You know when I was looking at the rule that glued on the smart host name I
thought to myself that it looked like it was just adding the smart host onto
the end of the address, I just could not understand it enough to see what
it was really doing.

Well done John, problem solved. That's a really handy thing being able to pick
your relay.

Who ever thought sendmail would be so easy!

RodosZZ

-- 
[EMAIL PROTECTED] | What goes up must come down. Ask any Windows NT system
Camion Technology | administrator.  [Anon]
+61 2 9873 5105   |






Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread John Clarke

On Thu, Dec 07, 2000 at 09:13:06AM +1100, Rodos wrote:

> Ruleset 0 does the setting of the delivery agent, my sendmail.cf has this
> in it within ruleset 0.

[snip]

>  # pass names that still have a host to a smarthost (if defined)
>  R$* < @ $* > $*    $: $>95 < $S > $1 < @ $2 > $3    glue on smarthost name

Correction.  This is actually inside Parse1.  Ruleset 0 calls Parse0,
then ruleset 98, then Parse1.  Ruleset 98 is the place to put all your
local hacks. This can be done with `LOCAL_RULE_0' and `LOCAL_RULESETS'
in the .mc file.

Anyway, it doesn't help.  Ruleset 0 works on the *recipient's* address.
If I understand correctly, you want to change the delivery based on the
sender's address.

Ruleset flow is like this:

                    +---+
                 -->| 0 |-->resolved address, recipient(s) only
                /   +---+
               /        +---+   +---+
              /        >| 1 |-->| S |--
       +---+ / +---+  / +---+   +---+  \    +---+
addr-->| 3 |-->| D |--                  --->| 4 |-->msg
       +---+   +---+  \ +---+   +---+  /    +---+
                    --->| 2 |-->| R |--
                        +---+   +---+
   
D -- sender domain addition
S -- mailer-specific sender rewriting
R -- mailer-specific recipient rewriting

All addresses are passed through ruleset 3.  The recipient's
address(es) are then passed through ruleset 0 to determine the mailers. 
This is where you need to change the relay host.  Unfortunately, if you
want to do this based on the sender's address, I think you're out of
luck.

A simpler alternative is to modify the recipient's addresses when you
want to relay via a different host.  To send to `user@domain' via
`relay', try `user%domain@relay'.  I've tested it here and it seems to
work OK, but only if `relay' will relay mail from your IP address. Be
careful you don't create an open relay for spammers to exploit.


Cheers,

John
-- 
whois [EMAIL PROTECTED]
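
Added example, not part of the original thread and not code from any poster: a sketch of the routing policy Peter Rundle describes (envelope sender checked against the authenticated user's directory "mail" attribute, then a "naughty users" lookup) combined with the `user%domain@relay' rewriting suggested above. The relay name, the addresses, the in-memory directory and the function names are all constructed assumptions; it also assumes the relay accepts percent-routed mail from this host.

```python
from typing import NamedTuple, Optional

# All names and addresses below are constructed for illustration.
CORPORATE_RELAY = "corp-relay.example.com"
NAUGHTY_SENDERS = {"mallory@example.com"}     # senders whose mail must be filtered
DIRECTORY = {"alice": "alice@example.com",    # stand-in for the LDAP "mail" attribute
             "mallory": "mallory@example.com"}

class Decision(NamedTuple):
    action: str                 # "reject", "direct" or "via_relay"
    rcpt: Optional[str] = None  # recipient address to hand to the MTA

def _valid(addr: str) -> bool:
    local, sep, domain = addr.rpartition("@")
    # Refuse source-route characters so a caller cannot smuggle in a relay hop.
    return bool(sep and local and domain) \
        and not set("%!@ \r\n<>") & set(local) \
        and not set("%! \r\n<>") & set(domain)

def route(auth_user: Optional[str], mail_from: str, rcpt_to: str) -> Decision:
    """Decide how one (MAIL FROM, RCPT TO) pair leaves the MTA."""
    # Unauthenticated clients get no relaying at all: this is the open-relay guard.
    if auth_user is None or auth_user not in DIRECTORY:
        return Decision("reject")
    if not (_valid(mail_from) and _valid(rcpt_to)):
        return Decision("reject")
    # The envelope sender must equal the directory's mail attribute for the
    # authenticated user, otherwise the naughty-list lookup could be dodged.
    if mail_from.lower() != DIRECTORY[auth_user].lower():
        return Decision("reject")
    if mail_from.lower() in NAUGHTY_SENDERS:
        local, _, domain = rcpt_to.rpartition("@")
        # user@domain -> user%domain@relay, the rewriting described above.
        return Decision("via_relay", f"{local}%{domain}@{CORPORATE_RELAY}")
    return Decision("direct", rcpt_to)

if __name__ == "__main__":
    print(route("alice", "alice@example.com", "bob@example.org"))
    print(route("mallory", "mallory@example.com", "bob@example.org"))
    print(route("mallory", "alice@example.com", "bob@example.org"))
```

Recipients that already contain `%' are rejected here so that a client cannot pick its own relay hop.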





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread Rodos

On Thu, 7 Dec 2000, Peter Rundle wrote:

> I.E using Mozilla at home I send a message with my from address as
> me at work. I want this mail to be forwarded to the work mta server
> first before it goes out to the world. However, I decide to send a
> mail to a friend (and just for the sake of the argument let's assume
> that I have at least one friend ;-) I want the MTA to send it direct
> to the destination (or at least to the DNS MX server).

Sounds like you need a MUA that supports multiple accounts or roles that
lets you change the SMTP server based on which role you are. Pine has
roles but it does not let you override the SMTP server. Maybe mutt will
let you do it.

Otherwise if you were really desperate you could try and get sendmail to do it,
which is probably why you are after a guru, which I am not.

The way I would approach it was that for certain from domains I would use
a smart relay (work) and everything else send direct. The problem is how
to do that.

Ruleset 0 does the setting of the delivery agent, my sendmail.cf has this
in it within ruleset 0.

++
 # short circuit local delivery so forwarded email works
 R$=L < @ $=w . >    $#local $: @ $1    special local names
 R$+ < @ $=w . >     $#local $: $1      regular local name


 # resolve remotely connected UUCP links (if any)

 # resolve fake top level domains by forwarding to other hosts

 # pass names that still have a host to a smarthost (if defined)
 R$* < @ $* > $*     $: $>95 < $S > $1 < @ $2 > $3    glue on smarthost name

 # deal with other remote names
 R$* < @$* > $*      $#esmtp $@ $2 $: $1 < @ $2 > $3  [EMAIL PROTECTED]

 # handle locally delivered names
 R$=L                $#local $: @ $1    special local names
 R$+                 $#local $: $1      regular local names
++

Notice that it does various tests to set the $# variable to something
like local, esmtp. One of them uses $S which is your smart host definition.

Ruleset 0 only gets the to address though. You might be able to format the
address differently such as [EMAIL PROTECTED] In Ruleset 0 you
could test for viawork in the address and set the delivery agent.
Then in ruleset 2 hack the viawork off.

The chapters in the Bat book are "8 - Addresses and Rules",
"9 - Rules set 0".

Well that's all way beyond my understanding but it may be a start.

Rodos

-- 
[EMAIL PROTECTED] | Programming is like sex: one mistake and you have to
Camion Technology | support it for the rest of your life. [Michael Sinz]
+61 2 9873 5105   |






Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread Peter Rundle

Rodos wrote:

> Peter can you give us an example? Are you after something in the MUA
> (reader) or the MTA (sendmail)? 

The user's outbound MTA.

I.E using Mozilla at home I send a message with my from address as 
me at work. I want this mail to be forwarded to the work mta server
first before it goes out to the world. However, I decide to send a 
mail to a friend (and just for the sake of the argument let's assume 
that I have at least one friend ;-) I want the MTA to send it direct
to the destination (or at least to the DNS MX server).

Cheers

Pete





Re: [SLUG] One for the smtp routing guru's

2000-12-06 Thread Rodos

On Thu, 7 Dec 2000, Peter Rundle wrote:

> Here's a weird one. Does anybody know of any e-mail product
> that can make routing decisions based on the sender's (mail from)
> domain rather than the recipient's?

Peter can you give us an example? Are you after something in the MUA
(reader) or the MTA (sendmail)? Do you mean something like if I send mail
from my home address I use my ISPs relay but if I use my work address the
mail goes via my relay at work, therefore all the headers look nice and
don't reveal anything they should not.

Rodos

-- 
[EMAIL PROTECTED] | The computer allows you to make mistakes faster than
Camion Technology | any other invention, with the possible exception of
+61 2 9873 5105   | handguns and tequila.  [Mitch Ratcliffe]






[SLUG] One for the smtp routing guru's

2000-12-06 Thread Peter Rundle

Sluggers,

Here's a weird one. Does anybody know of any e-mail product
that can make routing decisions based on the sender's (mail from)
domain rather than the recipient's?

On linux of course ;-)

rgds

Pete

