Protecting internal aliases against E-Mail from external addresses.

Last Update 2002-05-02

This example ruleset protects internal aliases against mail from external senders. It uses class w to detect local senders/recipients. Attention: this protection is based only on the address information given in the envelope of the e-mail, which can easily be forged.

List those aliases (which are local) in a file:

LOCAL_CONFIG
F{Internal}/etc/mail/intern.only

Then the rules work like this:

LOCAL_RULESETS
SLocal_check_rcpt
# if the recipient isn't internal, they get the mail
R$+			$: <@> $>3 $1
R<@> $={Internal}<@$=w.>	$: <$1@$2>
R<@> $={Internal}		$: <$1@$j>
# no internal alias
R<@>$+			$@ OK
# check to see if the sender is local
R$*				$: $>3 $&f
R$+<@$=w.>	$@ OK
# empty sender: accept (RFC 1123)
R<@>		$@ OK
R$+			$#error $: 551 $&f not allowed to send to recipient

Before 8.9, you have to use Scheck_rcpt instead of SLocal_check_rcpt.

The ruleset works like this:

  1. is the recipient a local alias (listed in the file)?
  2. if no: OK
  3. if yes: the sender must be local too
  4. if it isn't: error

A more sophisticated ruleset has been posted to comp.mail.sendmail.

A slightly better solution is to check the relaying host instead of the sender address. However, this requires that you don't have other servers "in front" of the one that performs these checks.

LOCAL_RULESETS
SLocal_check_rcpt
...
# check to see if the sender is local
R$*			$: $&{client_name}
# or some other class instead of m
R$*$=m		$@ OKSOFAR
R$*			$#error $: 551 $&f not allowed to send to recipient

You can also use $&{client_name}; or you can look up the name/address in the access map.

A much better solution is possible in sendmail 8.10 using SMTP AUTH. It requires that the sender is authenticated, for example:

LOCAL_RULESETS
SLocal_check_rcpt
...
# check to see if the sender is local
R$*			$: $&{auth_type}
R$+			$@ OKSOFAR
R$*			$#error $: 551 $&f not allowed to send to recipient

Of course, you can also use other AUTH macros such as {auth_authen} or {auth_author} to provide even finer access control.
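
The three sender checks above, modelled in Python as an added example (not sendmail code and not part of the original page): it shows that a forged envelope sender passes the first ruleset while the {client_name} and {auth_type} variants reject the same message. The class contents, addresses and function names are constructed assumptions, and acceptance (OK or OKSOFAR) is modelled as "OK".

```python
# Added model of the rulesets' decision logic; not sendmail code.
# Class contents, addresses and function names are constructed assumptions.
LOCAL_HOSTS = {"example.com", "mail.example.com"}  # stands in for class w
INTERNAL = {"staff", "all-hands"}                  # stands in for class {Internal}
DOMAIN = "example.com"                             # stands in for class m

def split_addr(addr):
    """Return (user, host), lower-cased; host is '' for an unqualified address."""
    addr = addr.strip().strip("<>").lower()
    user, _, host = addr.rpartition("@") if "@" in addr else (addr, "", "")
    return user, host.rstrip(".")

def protected(rcpt):
    """Is the recipient an internal alias, unqualified or at a local host?"""
    user, host = split_addr(rcpt)
    return user in INTERNAL and (host == "" or host in LOCAL_HOSTS)

def check_envelope(rcpt, sender):
    """First ruleset: decide on the envelope sender ($&f)."""
    if not protected(rcpt):
        return "OK"
    user, host = split_addr(sender)
    if not user and not host:          # empty sender <>: accept (RFC 1123)
        return "OK"
    return "OK" if user and host in LOCAL_HOSTS else "551"

def check_client(rcpt, client_name):
    """Second ruleset: decide on the connecting host ($&{client_name})."""
    if not protected(rcpt):
        return "OK"
    name = client_name.lower().rstrip(".")
    return "OK" if name == DOMAIN or name.endswith("." + DOMAIN) else "551"

def check_auth(rcpt, auth_type):
    """Third ruleset: require SMTP AUTH (non-empty $&{auth_type})."""
    if not protected(rcpt):
        return "OK"
    return "OK" if auth_type else "551"

def compare(rcpt, sender, client_name, auth_type):
    """Run one SMTP transaction through all three checks."""
    return {"envelope": check_envelope(rcpt, sender),
            "client": check_client(rcpt, client_name),
            "auth": check_auth(rcpt, auth_type)}

if __name__ == "__main__":
    # Constructed case: outside host, unauthenticated, claims a local sender.
    print(compare("staff@example.com", "ceo@example.com", "host.elsewhere.test", ""))
```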

Combining Rulesets

If you want to use several SLocal_check_rcpt rulesets, you should turn them into subroutines and call them, e.g.,

LOCAL_RULESETS
SLocal_check_rcpt
R$*			$: $1 $| $>"Protect" $1
R$* $| $#$*		$#$2
R$* $| $*		$: $1 $| $>"Restrict" $1
R$* $| $#$*		$#$2

and rename the other rulesets:

LOCAL_RULESETS
SProtect
...
SRestrict
...

Copyright © Claus Aßmann Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.