novaBBS - comp.mail.sendmail - Checking auth user against ldap query

Checking auth user against ldap query

<tpmpp9$v6il$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=652&group=comp.mail.sendmail#652

copy link Newsgroups: comp.mail.sendmail

Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Checking auth user against ldap query
Date: Wed, 11 Jan 2023 17:57:13 +0100
Organization: A noiseless patient Spider
Lines: 9
Message-ID: <tpmpp9$v6il$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 11 Jan 2023 16:57:14 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="c0cb0a9f941c2a3ad8768fec83007da3";
logging-data="1022549"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX188TzgePBRIBk/LZYX6clapbYDj7X0DWuPdSEQmiQobiw=="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Thunderbird/91.5.1
Cancel-Lock: sha1:ll54ETV257KL1bqqgvS2US7UyPo=
Content-Language: en-US

by: None - Wed, 11 Jan 2023 16:57 UTC

Reading this tread about the smart host wanting authinfo matching from.
I was wondering what options I have to quickly/easily increase security
a bit.
One thing I could think of, is comparing if the auth user uses the $f
that has been assigned to him. However I am using accounts != email
addresses, and these are stored in ldap.

Is such a thing possible in sendmail?

Re: Checking auth user against ldap query

<tpmst9$sn0$1@news.misty.com>

copy mid

https://www.novabbs.com/computers/article-flat.php?id=653&group=comp.mail.sendmail#653

copy link Newsgroups: comp.mail.sendmail

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: Checking auth user against ldap query
Date: Wed, 11 Jan 2023 12:50:33 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <tpmst9$sn0$1@news.misty.com>
References: <tpmpp9$v6il$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 11 Jan 2023 17:50:33 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="29408"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)

by: Claus Aßmann - Wed, 11 Jan 2023 17:50 UTC

None wrote:

> One thing I could think of, is comparing if the auth user uses the $f
> that has been assigned to him. However I am using accounts != email
> addresses, and these are stored in ldap.

You can use a custom ruleset
LOCAL_RULESETS
SLocal_check_mail
in which you can access the macro ${auth_authen}
and an LDAP map to perform whatever tests you want.

Maybe you can find existing examples online.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Human beings were created by water to transport it uphill.

computers / comp.mail.sendmail / Checking auth user against ldap query

Subject	Author
Checking auth user against ldap query	None
Re: Checking auth user against ldap query	Claus Aßmann