Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

How do I stop some users from sending mail out of the local domain?

How do I stop some users from sending mail out of the local domain?

How do I stop some users from sending mail out of the local domain?

A bit of a challenge for the sendmail gurus out there :^)

The organisation I work for has two e-mail domains:

1) NT based Netscape Suitespot (domain = myorg.co.uk)
2) Unix based (domain = unix.myorg.co.uk)

Both domains have routes to external Internet e-mail. Each department within the organisation is charged a nominal per user amount to cover costs of maintaining the external Internet e-mail system (ie, comms costs, ISP costs, etc.). If a department that would fall within the org.co.uk domain doesn't want a user to have e-mail access, then the user does not have a Suitespot account set up. The IP address of their PC is also not entered into the Firewall system as a valid SMTP/POP user.

My problem is with the Unix based users. These users have access to a groupware product that allows them to send and receive e-mail. They should be allowed to send mail to users in both unix.org.co.uk and org.co.uk. If a user is not authorised to send external Internet e-mail, then they need to be prevented from doing so.

The Unix users are spread across five servers. One of the servers acts as the Internet e-mail gateway. When sending e-mail between the Unix based groupware systems, X.400 is used. Any SMTP mail uses the Internet e-mail gateway as the relay. Any mail received by the organisation to a user @unix.myorg.co.uk is routed through this Internet gateway.

The Internet gateway server is running sendmail 8.9.3. Sendmail is configured so that mail sent to users @unix.myorg.co.uk is passed into the X.400 system. It's also configured to bounce mail sent to certain accounts using user access db as per the anti-spam instructions at sendmail.org (http://www.sendmail.org/m4/anti-spam.html). So, that prevents unauthorised users from *receiving* Internet based e-mail.

My problem is that I'm not sure how to prevent users from *sending* e-mail to any domains apart from myorg.co.uk and unix.myorg.co.uk.

As mentioned previously, mail between the groupware systems in unix.myorg.co.uk is sent via X.400. What I need to do is configure sendmail so that if certain users attempt to send mail to any domain other than myorg.co.uk, the mail is returned to sender.

Has anyone out there ever had to do anything similar to this? And did you have any success doing it?

(I'm currently trying to get sendmail to use procmail to do this. i.e., use procmail to check the From: lines for user@unix.myorg.co.uk, and To: lines that don't match *.myorg.co.uk, and then bounce them back to the sender. I hope :)

Thanks for any help and advice you can give me.

RE: How do I stop some users from sending mail out of the local domain?

After a more detailed trawl in the bat book, I've found an example of using the check_compat routine that does exactly what I need.

The example is based on a single user, so I'm going to try to expand this. If I get it working, I'll post the answer here.

However, if anybody has any flashes of inspiration, please let me know :^)

RE: How do I stop some users from sending mail out of the local domain?

Feel like I'm talking to myself, here ;^) The bat book example, with a little tweaking, worked well. At the moment I'm trying to get the ruleset to read user names out of a Berkeley dbm file. As soon as I get success I'll post my results.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close