Protecting internal aliases against E-Mail from external addresses.
Last Update 1999-02-08
This example ruleset protects internal aliases
against mail from external senders.
It uses class w to detect local senders/recipients.
Attention:
this protection is only based on the address
information given in the envelope of the e-mail
which can be easily forged.
List those aliases (which are local) in a file:
F{Internal}/etc/mail/intern.only
Then the rules work like this:
Scheck_compat
# if the recipient isn't internal, they get the mail
R$+ $| $+ $: <@> $1 $| $>3 $2
R<@>$+$|$={Internal}<@$=w.> $: $1 $| <$2@$3>
R<@>$+$|$={Internal} $: $1 $| <$2@$j>
# no internal alias
R<@>$+ $@ OK
# check to see if the sender is local
R<$+@$=w> $| $+ $@ OK
R$+ $| $+ $#error $: 551 $1 not allowed to send to $2
The ruleset works like this:
-
is the recipient a local alias (listed in the file)?
-
if no: OK
-
if yes:
the sender must be local too
-
if it isn't: error
A more
sophisticated ruleset
has been posted to
comp.mail.sendmail
.
[(links)]
[Hints]
[Avoiding UBE]
[cf/README]
[New]
Copyright ©
Claus Aßmann
Please send comments to:
<ca@sendmail.org>