Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Simplicity does not precede complexity, but follows it.

computers / comp.mail.sendmail / Re: access_db to:user@example.org RELAY does not work

SubjectAuthor
* access_db to:user@example.org RELAY does not workMarco Moock
`* Re: access_db to:user@example.org RELAY does not workClaus Aßmann
 `* Re: access_db to:user@example.org RELAY does not workMarco Moock
  `- Re: access_db to:user@example.org RELAY does not workClaus Aßmann

1
access_db to:user@example.org RELAY does not work

<20220630131627.3ffd3c68@M09428>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=495&group=comp.mail.sendmail#495

  copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.mail.sendmail
Subject: access_db to:user@example.org RELAY does not work
Date: Thu, 30 Jun 2022 13:16:27 +0200
Organization: A noiseless patient Spider
Lines: 71
Message-ID: <20220630131627.3ffd3c68@M09428>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader01.eternal-september.org; posting-host="0cd57469cf3e9ab7e994824f60140927";
logging-data="1819169"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/HmVl9lYhI0Y/IeyvXW04a"
Cancel-Lock: sha1:521lDTxLOFUsJuaGsFnh2l12X1E=
 by: Marco Moock - Thu, 30 Jun 2022 11:16 UTC

Hello,
I am trying to create a whitelist of recipient addresses that can be
relayed.
I would like to allow only certain addresses, all others should be
rejected.
e.g. I like to allow user1@example.org, user2@example.org and reject
all other addresses like anything @example.org.

This is a test system, but on a productive system I want to avoid accepting mails for non-existing users and sending out bounce emails.

In the /etc/mail/access is
To:ok@example.org RELAY
To:example.org REJECT

It is being used (I tried other entries and converted the DB with
sendmailconfig), but it does not work as I thought it will work.

Although, I was able to create a blacklist:
To:ok@example.org REJECT
To:example.org RELAY
does work, ok is being rejected, anything else is being relayed.

250 xxx Hello xxxx
[IPv6:2001:xxx] (may be forged), pleased to meet you
mail from:<test@example.com> 250 2.1.0 <test@example.com>... Sender ok
rcpt to:<asddf@example.org>
550 5.2.1 <asddf@example.org>... Mailbox disabled for this recipient
rcpt to:<ok@example.org>
550 5.7.1 <ok@example.org>... Relaying denied. IP name possibly forged
[IPv6:xxx]
I am aware that no PTR record is set, but this shouldn't be the problem
here, because the "blacklist" works.

blacklist recipients is enabled. I also did run sendmailconfig to create the database and convert mc to cf.

divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-22ubuntu3 2021-12-09 00:18:01 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=20xxxx')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',
`needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`greet_pause', `100')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

What did I do wrong here?
--
kind regards
Marco

Re: access_db to:user@example.org RELAY does not work

<t9kk7e$iej$1@news.misty.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=496&group=comp.mail.sendmail#496

  copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db to:user@example.org RELAY does not work
Date: Thu, 30 Jun 2022 12:49:50 -0400 (EDT)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <t9kk7e$iej$1@news.misty.com>
References: <20220630131627.3ffd3c68@M09428>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 30 Jun 2022 16:49:50 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="18899"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Thu, 30 Jun 2022 16:49 UTC

Marco Moock wrote:

> To:ok@example.org RELAY

> rcpt to:<ok@example.org>
> 550 5.7.1 <ok@example.org>... Relaying denied. IP name possibly forged

> FEATURE(`access_db', , `skip')dnl

You forgot to enable an option, see cf/README:

Notice: If a second argument is specified it must contain the option
`-T<TMPF>' as shown above. The optional parameters may be

`skip' enables SKIP as value part (see below).
`lookupdotdomain' another way to enable the feature of the
same name (see above).
`relaytofulladdress' enable entries of the form
To:user@example.com RELAY
to allow relaying to just a specific
e-mail address instead of an entire domain.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: access_db to:user@example.org RELAY does not work

<20220701121136.5eef6cc2@M09428>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=497&group=comp.mail.sendmail#497

  copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db to:user@example.org RELAY does not work
Date: Fri, 1 Jul 2022 12:11:36 +0200
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <20220701121136.5eef6cc2@M09428>
References: <20220630131627.3ffd3c68@M09428>
<t9kk7e$iej$1@news.misty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: reader01.eternal-september.org; posting-host="558377dbeee7f828b73c485c2561f7c7";
logging-data="2341950"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX192TilVfgZd73aZ4ehOnUS3"
Cancel-Lock: sha1:rw0CxrQJhxJesdkH5ZjonkW8PzM=
 by: Marco Moock - Fri, 1 Jul 2022 10:11 UTC

Am Thu, 30 Jun 2022 12:49:50 -0400 (EDT)
schrieb Claus Aßmann
<INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>:

> You forgot to enable an option, see cf/README:

Thanks Claus for your answer.
It did work after I changed it.

The line looks like
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access', `relaytofulladdress')dnl
if anybody else is interested.

I think that should be documented in
https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html
e.g. with an example of the access DB that relays to a full address and that the special option in the sendmail.mc access db FEATURE is necessary.
--
kind regards
Marco

Re: access_db to:user@example.org RELAY does not work

<t9mk15$n0u$1@news.misty.com>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=498&group=comp.mail.sendmail#498

  copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: access_db to:user@example.org RELAY does not work
Date: Fri, 1 Jul 2022 06:58:45 -0400 (EDT)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <t9mk15$n0u$1@news.misty.com>
References: <20220630131627.3ffd3c68@M09428> <t9kk7e$iej$1@news.misty.com> <20220701121136.5eef6cc2@M09428>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 1 Jul 2022 10:58:45 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="23582"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Fri, 1 Jul 2022 10:58 UTC

Marco Moock wrote:

> https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html

That's 8.12...

The documentation which is relevant comes with the sendmail
distribution.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor