local-only addresses

From: tg...@mirbsd.de (Thorsten Glaser)
Newsgroups: comp.mail.sendmail
Subject: local-only addresses
Date: Wed, 26 Apr 2023 13:46:40 +0000

Hi,

in a BSD standard setup (MTA runs on [::]:25 or [::1]:25,
/usr/sbin/sendmail as MSA connects to [::1]:25 to deliver
locally-submitted mail), is there a way to make some
mailboxen “local-only” (i.e. allow mail delivery from
the local system only but not from the internet)?

I have access_db, so I guess I can do a…

To:foobar@example.org ERROR:"550 No delivery here."

… but do I need special handling to allow local submission to work,
or is a different way correct?

bye,
//mirabilos
--
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Re: local-only addresses

From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: local-only addresses
Date: Wed, 26 Apr 2023 12:19:54 -0400 (EDT)

Thorsten Glaser wrote:

> in a BSD standard setup (MTA runs on [::]:25 or [::1]:25,

Which *BSD? Free, Open, Net, ???

> /usr/sbin/sendmail as MSA connects to [::1]:25 to deliver

It should connect to port 587.

> locally-submitted mail), is there a way to make some
> mailboxen "local-only" (i.e. allow mail delivery from
> the local system only but not from the internet)?

Of course, but you probably need "custom rules" - In Local_check_rcpt
check that $&{client_name} is "localhost" and if it isn't then check
whether the RCPT address is "local only": if yes, reject the mail.

You can probably find example rulesets online.
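
One way to write the check described in the reply above, as an added example (not code from any poster in this thread or from the sendmail distribution). Assumptions: the class name {LocalOnly} and its file path are hypothetical, the loopback client resolves to "localhost", and the local-only mailboxes live in domains listed in class w.

```m4
dnl Added example for a sendmail .mc file. LHS and RHS of each R line
dnl must be separated by TAB characters.
LOCAL_CONFIG
# Class {LocalOnly}: one mailbox name per line (hypothetical file path)
F{LocalOnly}/etc/mail/local-only-users

LOCAL_RULESETS
SLocal_check_rcpt
# Bring the RCPT argument into the focused form: user < @ host . >
R$*	$: $>canonify $1
# Recipient is a listed mailbox in a local domain (class w): tag it and
# append the client name; anything else falls through unchanged
R$={LocalOnly} < @ $=w . >	$: <LO> $&{client_name}
# Submitted over the loopback interface: continue with the standard checks
R<LO> localhost	$@ ok
# Any other client: refuse this recipient
R<LO> $*	$#error $@ 5.7.1 $: "550 No delivery here."
```

After rebuilding sendmail.cf, the ruleset can be exercised in address test mode (sendmail -bt) by setting {client_name} with .D and calling check_rcpt with the recipient address.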

Re: local-only addresses

From: h_hucke+...@newsmail.aeon.icebear.org (Henning Hucke)
Newsgroups: comp.mail.sendmail
Subject: Re: local-only addresses
Date: Fri, 28 Apr 2023 05:20:26 -0000 (UTC)

Thorsten Glaser <tg@mirbsd.de> wrote:

> Hi,

Hello Thorsten,

> in a BSD standard setup (MTA runs on [::]:25 or [::1]:25,
> /usr/sbin/sendmail as MSA connects to [::1]:25 to deliver
> locally-submitted mail), is there a way to make some
> mailboxen “local-only” (i.e. allow mail delivery from
> the local system only but not from the internet)?

the question is indeed what exactly you rate as "local". The "sender
address" - might it be the envelope address or even the mail from
address - is no good idea since these can be faked. The same applies to
domains. Leaves IP addresses.

Look for a rule set which combines sender IP address and recipient
e-mail address for a lookup in the access database and allows wildcards.
Or run independent instances on different IP addresses and let external
systems deliver to the instance which doesn't know / blocks certain
internal addresses and internal systems to deliver to the instance which
is unrestricted - possibly run a split DNS setup where you resolve the
same DNS name to the two different IP addresses. Or use a mail domain
which is not routable in the internet - e.g. "home.arpa" - and block the
recipient addresses with the external domain and don't restrict them on
the unroutable domain.

There are lots of ways how to achieve what you gave a keyword for. In
the end it depends on what exactly you want to achieve.

> [...]

Regards,
Henning
--
Habit is habit, and not to be flung out of the window by any man, but coaxed
down-stairs a step at a time.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"
