Solved

Sendmail - Restricted Users

Posted on 2000-04-18
Last Modified: 2013-12-27
I would like to restrict some users from exchanging external email while allowing some users full access to Internet mail.
The restricted users would need to still have access to internal Email.

The mail server runs Solaris 2.7 with Sendmail 8.9.3+Sun/8.9.1.

Is it possible? If so, how?
0
Question by:kinsey
11 Comments
 
LVL 2

Expert Comment

by:ish
ID: 2851553
Do the users actually log into this server? Or is it a mail gateway that redirects incoming internet mail to your internal network?

If it is a gateway, this isn't too hard.  Take all those that are ALLOWED, and use the /etc/aliases file to redirect their mail to the appropriate Internal mail server.

For the disallowed, have the aliases route incoming mail to /dev/null.

OR
For users NOT allowed, make accounts on the local machine, with no aliases, and set them up with /bin/true as a shell. Drop a .forward into their home directories.

When new mail arrives for the ALLOWED subset, the user's password entry is looked up. If the shell entry from that password entry is a valid one, delivery is allowed thru the .forward, and the user can receive mail at the server; if not, it is denied. A shell is valid if it is listed in the /etc/shells file. If that file does not exist, sendmail looks up the shell in its internal list. The internal list is pretty standard.
0
 
LVL 3

Author Comment

by:kinsey
ID: 2854166
The mail server is also an application server on which all users have (and need) shell accounts.

The complicating factor is that all users should have access to internal email while some users should be excluded from sending and receiving external email.

I thought maybe this could be set up with some form of virtual server for external mail?
0
 
LVL 5

Expert Comment

by:ianB
ID: 2855588
We have opened up a new Solaris Topic Area.  

To increase the visibility of questions, we moved questions we felt
appropriate to the new Solaris Topic Area where they will be easier for
Solaris experts to find and answer. You may view your question at
http://www.experts-exchange.com/Computers/Operating_Systems/Solaris/ 

If you have any questions about the new topic area you can contact
Community Support by posting a comment at the following URL or by
emailing us at cs@experts-exchange.com.
http://www.experts-exchange.com/Customer_Service/Experts_Exchange/ 

Ian
Community Support @ Experts Exchange

0
 
LVL 2

Expert Comment

by:ish
ID: 2863701
OK, I have a bit clearer picture now...

Sendmail does allow for the establishment of "virtual servers" (this is accomplished within the sendmail.cf, the newest version from sendmail.org 8.10.0 even has a web interface available to config it).

If you set up the Virtual server to be:

xtranet-mail.mydomain.com

on appserver.mydomain.com

then you set the /etc/aliases file to deliver mail for the privileged few to the local server, and to bounce back or /dev/null the stuff not allowed. Your folks would still be able to send mail OUT... unless you start getting REALLY fancy with your configs...

0
 
LVL 3

Author Comment

by:kinsey
ID: 2872424
Wouldn't local mail still be aliased to /dev/null for those users?
0
 
LVL 2

Expert Comment

by:ish
ID: 2874299
Yes you'd need the alias to /dev/null for your "disallowed users" on both.

With aliases to the virtual mail server for all "allowed users".

It was recently pointed out to me on another expert answer that the MX record in DNS can be used to direct the email to your Virtual Server, but that email servers using broken headers and such won't honor the MX to the second host.
0
 
LVL 3

Expert Comment

by:darinw
ID: 2969956
Hi kinsey,

It looks like your question has been answered by ish really well. Can you come back and accept one of the comments as an A grade answer?

darinw
Customer Service
0
 
LVL 2

Accepted Solution

by:ish (earned 600 total points)
ID: 3009089
It has been over 20 days since I answered this question for you.
0
 
LVL 3

Author Comment

by:kinsey
ID: 3010295
Answer accepted
0
 
LVL 3

Author Comment

by:kinsey
ID: 3010296
I still don't understand how this would work.
If a user is aliased to /dev/null they can receive NO mail; the objective is to allow ALL users access to internal mail and have local logins on the server.
SOME users have access to internet mail.
If I alias a user's login to /dev/null all of their mail is thrown away, but I want them to be able to send/receive mail to/from local addresses.
0
 
LVL 2

Expert Comment

by:ish
ID: 3012518
Right...

OK, something wasn't clear here...

You set the NULL on the server that accepts and handles outside mail:

DISALLOWED=NULL
ALLOWED=address@inside.server.com

You set the address on the inside server for all users:
DISALLOWED=localuser
ALLOWED=localuser

Better? I think some answers got crossed...
0
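
The split described in the last comment, written out as an added example that is not part of the original thread: a small shell helper that builds the `/etc/aliases` entries for the outside-facing server, forwarding allowed users to the inside server and discarding everyone else, while the inside server keeps ordinary local delivery for all users. The user names are constructed sample data, and `INSIDE_HOST` is taken from the placeholder address in the comment above.

```shell
#!/bin/sh
# Added example: generate alias lines for the server that accepts outside mail.
# Assumptions: user names are constructed; lists are single-space separated.

INSIDE_HOST="inside.server.com"   # placeholder host name from the thread

# gateway_aliases "ALL USERS" "ALLOWED USERS"
# Default deny: a user is forwarded inside only if explicitly allowed,
# otherwise mail arriving at this server for them goes to /dev/null.
gateway_aliases() {
    for u in $1; do
        case " $2 " in
            *" $u "*) printf '%s: %s@%s\n' "$u" "$u" "$INSIDE_HOST" ;;
            *)        printf '%s: /dev/null\n' "$u" ;;
        esac
    done
}

# unknown_allowed "ALL USERS" "ALLOWED USERS"
# Prints allowed names that are not real users, so a typo in the allow
# list is noticed instead of silently leaving that person discarded.
unknown_allowed() {
    for a in $2; do
        case " $1 " in
            *" $a "*) ;;
            *) printf '%s\n' "$a" ;;
        esac
    done
}

# Constructed sample data.
ALL_USERS="alice bob carol"
ALLOWED_USERS="alice carol"

echo "# aliases for the outside-facing server"
gateway_aliases "$ALL_USERS" "$ALLOWED_USERS"
```

After merging the generated lines into `/etc/aliases` on the outside-facing server, run `newaliases` to rebuild the alias database. As noted earlier in the thread, this only covers mail arriving from outside; it does not stop the disallowed users from sending mail out.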
