From: Per Hedeland on
In article <4B427170.1040106(a)hanzlici.cz> Franta Hanzlik
<franta(a)hanzlici.cz> writes:
>Andrzej Adam Filip wrote:
>>
>> 1) You can list valid addresses in the domain in virtusertable and
>> reject via virtusertable remaining addresses in the domain.
>> Search group archive for _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>> [ e.g. via google-groups ]
>> 2) access table can be used in a similar way
>> 3) You can use LDAP based routing to get benefits of LDAP replication
>> and ability to support easily multiple secondary MXes (or multiple
>> email gateways):
>> http://www.sendmail.org/m4/ldap_routing.html
>>
>
>Hello Andrzej,
>
>thanks for Your recommendations. Finally I solved this using virtusertable
> - I'm not maintainer of these primary (highest priority) mailservers,
>their administrators not uses LDAP, total number of users, for which I'm
>doing backup MX, is less than 300 with very sporadic mailaddress changes.
>
>And regarding use of access table - I somewhere read, that using this
>method is limited, as then some other functions are not working (RBL's,
>milters, maybe yet others). Not sure when it applies for some older
>sendmail versions or at all.

The access db can be used for a gazillion different things, it's
possible/likely that some of them conflict with other sendmail features,
but the functionality that (I assume) Andrzej refers to in 2) does not
AFAIK, and is the optimal solution for this IMHO.

As a backup MX you should be using access db in any case, with an entry
like 'To:backed.up.domain RELAY' - what you can do (as of 8.14.0 - in
earlier versions access db would certainly be "limited" for this
purpose) is to *instead* have an entry for each valid user. This
requires that you use the parameter `relaytofulladdress' in the FEATURE
macro, see cf/README.

--Per Hedeland
per(a)hedeland.org
From: Franta Hanzlik on
Andrzej Adam Filip wrote:
> Franta Hanzlik<franta(a)hanzlici.cz> wrote:
>> Andrzej Adam Filip wrote:
>>> Franta Hanzlik<franta(a)hanzlici.cz> wrote:
>>>> On backup server (with sendmail 8.14.3) I want accept mails only for valid
>>>> recipients in a given domain, and reject all others. List of valid recipients
>>>> I can have e.g. in text file as
>>>> user1
>>>> user2
>>>> ...
>>>> userN
>>>> alias1
>>>> ...
>>>> aliasM
>>>>
>>>> Eventually, when server acts as backup for multiple domains, this list
>>>> items can be in form userX(a)domain1 .. aliasY(a)domainNN
>>>>
>>>> Has this request any simple solution? I do not want take all mails for
>>>> these domains ( *@domain ), as main (highest MX priority) mailserver
>>>> refuse these with nonexistent users.
>>>>
>>>> Thanks in advance
>>>> Fr. Hanzlik
>>>
>>> 1) You can list valid addresses in the domain in virtusertable and
>>> reject via virtusertable remaining addresses in the domain.
>>> Search group archive for _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>>> [ e.g. via google-groups ]
>>> 2) access table can be used in a similar way
>>> 3) You can use LDAP based routing to get benefits of LDAP replication
>>> and ability to support easily multiple secondary MXes (or multiple
>>> email gateways):
>>> http://www.sendmail.org/m4/ldap_routing.html
>>
>> thanks for Your recommendations. Finally I solved this using virtusertable
>> - I'm not maintainer of these primary (highest priority) mailservers,
>> their administrators not uses LDAP, total number of users, for which I'm
>> doing backup MX, is less than 300 with very sporadic mailaddress changes.
>>
>> And regarding use of access table - I somewhere read, that using this
>> method is limited, as then some other functions are not working (RBL's,
>> milters, maybe yet others). Not sure when it applies for some older
>> sendmail versions or at all.
>>
>> And with regard to "_VIRTUSER_STOP_ONE_LEVEL_RECURSION_" sendmail.mc
>> feature - I tried some googling, but I not found no accurate description
>> for this. And in my case things seems working well in both, whether I have
>> define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')
>> in my sendmail.mc, or no.
>> Can You please clarify (or send some reference to) use this option?
>
> a) I have used _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ mainly as good keyword
> for searching the newsgroups archives
> [e.g. via http://groups.google.com/advanced_search ] - "your problem"
> has been discussed "a few times+".
>
> b) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ is "documented" in cf/m4/proto.m4
> file in sendmail distribution
>
> ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
> dnl this is not a documented option
> dnl it stops looping in virtusertable mapping if input and output
> dnl are identical, i.e., if address A is mapped to A.
> dnl it does not deal with multi-level recursion
>
> c) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ provides more preferred of two
> ways to make virtusertable pass listed addresses without rewrites but
> reject "all other/remaining" addresses in the domain.
> Otherwise tricks like rewriting "user(a)example.net -> user(a)mail.example.net"
> are required.

Hello Andrzej,

thanks for Your help. There must have been some failure on Google site
when You sent previous mail (Jan 5), when I searched for this term.
I must say, I sought only on Google general site
"http://www.google.com/advanced_search".
And got only one result, on some Russian URL. And when I'm doing same
search right now, then same search returns 74 results, and searching
on Google groups gives 59 results. I had a bad day...

And regarding b) point, I did recursive grep over /usr/share/sendmail-cf/
and got what You pointed, but as I'm sendmail guru as You, it was ambiguous
for me. Docs at www.sendmail.org do not help much, my
/usr/share/sendmail-cf/README refers to
http://www.sendmail.org/virtual-hosting.html
which does not exist, and Sendmail FAQ at
http://www.sendmail.org/faq/section3#3.7 refers "Virtual Hosting" at
http://www.sendmail.org/sendmailorg/frontend_dev.php/tips/virtual-hosting
which does not exist either.
"virtusertable" paragraph in cf/README says nothing about this table recursive
processing.
Moreover, I had one other specialty - my internet connection is NATed
(one-to-one) on my ISP side. Then until I turned off "relay_based_on_MX"
feature, I still had "rewrite: excessive recursion (max 50), ruleset canonify"
errors, although I had _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ in action.
That's why I doubted about right meaning of this definition.
Finally I disabled "relay_based_on_MX" feature, which helped (making DNS records
for NATed addresses is probably cleaner solution).

iac, many thanks.
Franta Hanzlik
From: Andrzej Adam Filip on
Franta Hanzlik <franta(a)hanzlici.cz> wrote:
> Andrzej Adam Filip wrote:
>> Franta Hanzlik<franta(a)hanzlici.cz> wrote:
>>> Andrzej Adam Filip wrote:
>>>> Franta Hanzlik<franta(a)hanzlici.cz> wrote:
>>>>> On backup server (with sendmail 8.14.3) I want accept mails only for valid
>>>>> recipients in a given domain, and reject all others. List of valid recipients
>>>>> I can have e.g. in text file as
>>>>> user1
>>>>> user2
>>>>> ...
>>>>> userN
>>>>> alias1
>>>>> ...
>>>>> aliasM
>>>>>
>>>>> Eventually, when server acts as backup for multiple domains, this list
>>>>> items can be in form userX(a)domain1 .. aliasY(a)domainNN
>>>>>
>>>>> Has this request any simple solution? I do not want take all mails for
>>>>> these domains ( *@domain ), as main (highest MX priority) mailserver
>>>>> refuse these with nonexistent users.
>>>>>
>>>>> Thanks in advance
>>>>> Fr. Hanzlik
>>>>
>>>> 1) You can list valid addresses in the domain in virtusertable and
>>>> reject via virtusertable remaining addresses in the domain.
>>>> Search group archive for _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
>>>> [ e.g. via google-groups ]
>>>> 2) access table can be used in a similar way
>>>> 3) You can use LDAP based routing to get benefits of LDAP replication
>>>> and ability to support easily multiple secondary MXes (or multiple
>>>> email gateways):
>>>> http://www.sendmail.org/m4/ldap_routing.html
>>>
>>> thanks for Your recommendations. Finally I solved this using virtusertable
>>> - I'm not maintainer of these primary (highest priority) mailservers,
>>> their administrators not uses LDAP, total number of users, for which I'm
>>> doing backup MX, is less than 300 with very sporadic mailaddress changes.
>>>
>>> And regarding use of access table - I somewhere read, that using this
>>> method is limited, as then some other functions are not working (RBL's,
>>> milters, maybe yet others). Not sure when it applies for some older
>>> sendmail versions or at all.
>>>
>>> And with regard to "_VIRTUSER_STOP_ONE_LEVEL_RECURSION_" sendmail.mc
>>> feature - I tried some googling, but I not found no accurate description
>>> for this. And in my case things seems working well in both, whether I have
>>> define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')
>>> in my sendmail.mc, or no.
>>> Can You please clarify (or send some reference to) use this option?
>>
>> a) I have used _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ mainly as good keyword
>> for searching the newsgroups archives
>> [e.g. via http://groups.google.com/advanced_search ] - "your problem"
>> has been discussed "a few times+".
>>
>> b) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ is "documented" in cf/m4/proto.m4
>> file in sendmail distribution
>>
>> ifdef(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_',`dnl
>> dnl this is not a documented option
>> dnl it stops looping in virtusertable mapping if input and output
>> dnl are identical, i.e., if address A is mapped to A.
>> dnl it does not deal with multi-level recursion
>>
>> c) _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ provides more preferred of two
>> ways to make virtusertable pass listed addresses without rewrites but
>> reject "all other/remaining" addresses in the domain.
>> Otherwise tricks like rewriting "user(a)example.net -> user(a)mail.example.net"
>> are required.
>
> Hello Andrzej,
>
> thanks for Your help. There must have been some failure on Google site
> when You sent previous mail (Jan 5), when I searched for this term.
> I must say, I sought only on Google general site
> "http://www.google.com/advanced_search".
> And got only one result, on some Russian URL. And when I'm doing same
> search right now, then same search returns 74 results, and searching
> on Google groups gives 59 results. I had a bad day...

What has made you think Google can not have "a bad day"?

> And regarding b) point, I did recursive grep over /usr/share/sendmail-cf/
> and got what You pointed, but as I'm sendmail guru as You, it was ambiguous
> for me. Docs at www.sendmail.org do not help much, my
> /usr/share/sendmail-cf/README refers to
> http://www.sendmail.org/virtual-hosting.html
> which does not exist,

It seems that sendmail.org has switched to php without redirecting old
html links.
Try https://www.sendmail.org/tips/virtual-hosting.php

> and Sendmail FAQ at
> http://www.sendmail.org/faq/section3#3.7 refers "Virtual Hosting" at
> http://www.sendmail.org/sendmailorg/frontend_dev.php/tips/virtual-hosting
> which does not exist either.

Feel free to report "bug" in the FAQ. Email (with current year) is
provided at: http://www.sendmail.org/contact

> "virtusertable" paragraph in cf/README says nothing about this table recursive
> processing.
> Moreover, I had one other specialty - my internet connection is NATed
> (one-to-one) on my ISP side. Then until I turned off "relay_based_on_MX"
> feature, I still had "rewrite: excessive recursion (max 50), ruleset canonify"
> errors, although I had _VIRTUSER_STOP_ONE_LEVEL_RECURSION_ in action.
> That's why I doubted about right meaning of this definition.
> Finally I disabled "relay_based_on_MX" feature, which helped (making DNS records
> for NATed addresses is probably cleaner solution).

I suggest using "per relayed domain" entries in access table instead of
relay_based_on_MX too. e.g.
to:example.com RELAY

http://www.sendmail.org/m4/features.html#relay_based_on_MX

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
"Love is a snowmobile racing across the tundra and then suddenly it flips
over, pinning you underneath. At night, the ice weasels come."
-- Matt Groening
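
Added example, not part of any post in this thread: a shell function that turns a recipient list like the one in the original question into either per-address access db entries (Per Hedeland's suggestion, which relies on `relaytofulladdress`) or virtusertable identity mappings (Andrzej's option 1, used with `_VIRTUSER_STOP_ONE_LEVEL_RECURSION_`). The function name `gen_map`, the domain `example.com` and the exact form of the catch-all `error:nouser` line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads one recipient per line (bare
# local part or full address) and prints map source lines on stdout.
#   gen_map access   DEFAULT_DOMAIN  -> "To:user@domain RELAY" (needs relaytofulladdress)
#   gen_map virtuser DEFAULT_DOMAIN  -> identity mappings plus a per-domain reject
gen_map() {
    mode=$1 default_domain=$2
    case $mode in
        access|virtuser) ;;
        *) echo "usage: gen_map access|virtuser DEFAULT_DOMAIN" >&2; return 2 ;;
    esac
    awk -v mode="$mode" -v dom="$default_domain" '
    /^[ \t]*$/ || /^[ \t]*#/ { next }          # skip blank lines and comments
    {
        addr = tolower($1)
        if (addr !~ /@/) addr = addr "@" dom   # bare local part: add default domain
        # Accept only plain local@domain. A line such as "@example.com" would
        # otherwise turn into an entry covering the whole domain.
        if (addr !~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/) {
            printf "skipped invalid entry: %s\n", $0 > "/dev/stderr"
            bad = 1
            next
        }
        if (seen[addr]++) next                 # drop duplicates
        split(addr, part, "@"); domains[part[2]] = 1
        if (mode == "access") printf "To:%s\tRELAY\n", addr
        else                  printf "%s\t%s\n", addr, addr
    }
    END {
        # Assumed form of the "reject the remaining addresses" entry.
        if (mode == "virtuser")
            for (d in domains) printf "@%s\terror:nouser User unknown\n", d
        exit bad + 0                           # non-zero if any line was skipped
    }'
}

# Constructed sample input; example.com is a placeholder domain.
gen_map access example.com <<'EOF'
user1
alias1@example.com
EOF
```

In access mode the per-address lines take the place of the domain-wide `To:backed.up.domain RELAY` entry, as described in Per Hedeland's post; a non-zero exit status means at least one input line was refused and the list should be checked before the map is rebuilt.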