Sendmail ACL ability (like squid ACL's)
- From: askon23@xxxxxxxxx
- Date: Tue, 07 Aug 2007 03:05:53 -0700
Hi All!
I have spent 2 weeks googling for an ACL ability for sendmail, but
haven't found anything for my needs. Maybe, and most likely, I use "not
right words" for this; anyway, here is a description of the ability
that I need:
I need to control all incoming/outgoing mail for my corporate users,
using ACLs. It should look like this - there are 2 large groups of
users: 1 - users who are under control of ACL and 2 - all other users
(they are allowed to send and receive any email). Users from the 1st
group need to be controlled in these ways:
- Allowed incoming mails
- Denied incoming mails
- Allowed outgoing mails
- Denied outgoing mails
How it should look:
I plan to create 4 files - to.allow, to.deny, from.allow and from.deny
with the following syntax:
user1 <TAB> LIST
Where "user1" is a username from the 1st group and "LIST" is a list of
valid domain/email addresses. For example:
to.allow:
#User name(looks like T on the scheme*) <tab> LIST
user1 <tab> a@xxxxx
user2 <tab> @b.com c@xxxxx
to.deny:
#User name(looks like T on the scheme*) <tab> LIST
user2 <tab> b@xxxxx
user3 <tab> @c.com
from.allow:
#User name(looks like F on the scheme*) <tab> LIST
user1 <tab> a@xxxxx
from.deny:
#User name(looks like F on the scheme*) <tab> LIST
user3 <tab> @spam.com z@xxxxx
*scheme - it is a graphical file that explains the logic of the ACL
checks that should be applied. It can be found at -
http://photos.streamphoto.ru/5/e/0/86e9958dc43d76bba6783f8b850ba0e5.jpg
T and F on this scheme mean usernames in the to.* and from.* files.
T@ and F@ on this scheme mean the email address LISTs in the to.* and
from.* files.
A short explanation:
to.allow - this file will contain the "To:" addresses to which "user"
is allowed to send emails; all other addresses for this "user" will be
denied. So if "user" exists in to.allow, it is ONLY allowed to send
mail to its lists; all others are denied.
to.deny - this file will contain the "To:" addresses to which "user" is
denied to send emails; all other addresses for this "user" will be
allowed. So if "user" exists in to.deny, it is ONLY denied to send mail
to its lists; all others are allowed.
If "user" exists both in to.allow and to.deny - to.allow should be
used, except cases when "LIST" in one of the lists contains only the
domain part - @a.com and the other "LIST" contains a full email address
- a@xxxxx
from.allow - this file will contain the "From:" addresses from which
"user" is allowed to receive emails; all other addresses for this
"user" will be denied. So if "user" exists in from.allow, it can ONLY
receive mail from allowed addresses; all others are denied.
from.deny - this file will contain the "From:" addresses from which
"user" is NOT allowed to receive emails; all other addresses for this
"user" will be allowed. So if "user" exists in from.deny, it can
receive all mail, except from those listed in this file.
If "user" exists both in from.allow and from.deny - from.allow should
be used, except cases when "LIST" in one of the lists contains only the
domain part - @a.com and the other "LIST" contains a full email address
- a@xxxxx
How it should work, for my example files:
1. user1 can send and receive email ONLY to/from a@xxxxx, all others
are DENIED for this user.
2. user2 can send emails ONLY to @b.com and c@xxxxx addresses, except
b@xxxxxx. user2 can receive all emails.
3. user3 can send emails anywhere, receive all emails, but not from
@spam.com and z@xxxxx
4. All other users are not limited by ACLs.
Any ideas? Maybe there already exists some sendmail milter that
can be used for this after simple modification? Or maybe one of the
sendmail gurus is ready to write rules for this ability?
Thx.
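
The decision logic described in the post, as an added example that is not part of the original message and not sendmail or milter code. The function names are hypothetical, the redacted addresses are replaced with constructed ones (b@xxxxx is assumed to be b@b.com), and the domain-versus-full-address exception is read as "the more specific entry wins".

```python
# Sample files from the post; redacted addresses replaced with constructed ones.
TO_ALLOW = "user1\ta@a.example\nuser2\t@b.com c@c.example\n"
TO_DENY = "user2\tb@b.com\nuser3\t@c.com\n"
FROM_ALLOW = "user1\ta@a.example\n"
FROM_DENY = "#User name <tab> LIST\nuser3\t@spam.com z@z.example\n"


def parse_acl(text):
    """Parse 'user <TAB> LIST' lines into {user: set(entries)}; '#' is a comment."""
    acl = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        acl.setdefault(parts[0].lower(), set()).update(p.lower() for p in parts[1:])
    return acl


def match_level(entries, addr):
    """2 = full address listed, 1 = its '@domain' listed, 0 = no match."""
    addr = addr.lower()
    if addr in entries:
        return 2
    return 1 if "@" + addr.rpartition("@")[2] in entries else 0


def permitted(user, peer, allow, deny):
    """One direction: to.* (user sends to peer) or from.* (peer sends to user)."""
    user = user.lower()
    if user not in allow and user not in deny:
        return True                      # group 2: not under ACL control
    a = match_level(allow.get(user, ()), peer)
    d = match_level(deny.get(user, ()), peer)
    if user in allow:
        # Allow list is authoritative; a deny entry wins only when it is
        # more specific (full address vs. domain). Assumed reading of the post.
        return a > 0 and a >= d
    return d == 0                        # deny-only user: everything else passes


def can_send(user, rcpt):
    return permitted(user, rcpt, parse_acl(TO_ALLOW), parse_acl(TO_DENY))


def can_receive(user, sender):
    return permitted(user, sender, parse_acl(FROM_ALLOW), parse_acl(FROM_DENY))
```

Applied literally to the sample to.deny, these rules also block user3 from sending to @c.com.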