Question about Sendmail local rules


I manage an open source Sendmail (8.14.4) implementation and I have a new requirement which I believe requires a custom local rule.
Basically we have two user accounts on the system used for AUTHenticated relay.  I've been asked to require TLS for one of the two accounts.  From what I've read so far about macros, it looks like {auth_authen} stores the user name used in AUTH and {verify} stores status of the client cert used for TLS.
The way I think I have to do this is to create a local rule to check that the user name in {auth_authen} equals the user name we want to require TLS for, and also check that {verify} doesn't equal "NONE".  Depending on the results of those evaluations, I can store a string in a new {md_tag} macro and pass that to MIMEDefang, which can either accept or reject the message based on the results.  For example, if user2 is required to use TLS, then the logic would be: if {auth_authen} equals "user2" AND {verify} doesn't equal "NONE" then set {md_tag} to "OK"
If possible, I would like assistance in writing the actual Sendmail rule to provide the information I'll need to pass to MIMEDefang.  I'm ok with general Sendmail configuration, but writing custom rules is a little daunting and I've never done it before.

As far as I know, there's no way to intercept and evaluate the AUTH after the user name is provided but BEFORE the password is provided to see if a specific user has already enabled TLS.  Please correct me if I'm wrong.
Also, I realize there's a general setting to require TLS for all AUTH attempts, but that's not an option at this point.

Thanks in advance,

RE: Question about Sendmail local rules

Never mind, I got it.  Don't you love how you spend hours on something just to figure it out RIGHT after you ask for help?

All I had to do was make sure {auth_authen} was included in confMILTER_MACROS_ENVFROM and {verify} was included in confMILTER_MACROS_HELO.  After that, I just added the following to MIMEDefang's filter_begin:

# Log before returning: a statement placed after return never runs.
if ($SendmailMacros{"auth_authen"} eq "user2" && $SendmailMacros{"verify"} eq "") {
        md_syslog('warning', "Bouncing message from " . $SendmailMacros{"auth_authen"} . ". TLS is required but wasn't used.");
        return action_bounce("You must enable TLS encryption");
}

Turns out {verify} is empty if TLS isn't used.  If something like Outlook Express uses TLS, {verify} is set to "NO".

Sorry, I read the following URL and it made it seem like doing this would require local Sendmail rules:
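
The per-account check from the reply above, as an added example that is not part of the original post: the decision is pulled into a standalone Perl function so it can be exercised without MIMEDefang. The helper name `tls_policy`, the sample macro sets, and the extra look at {tls_version} (a standard Sendmail macro that would also have to be exported to the milter) are assumptions.

```perl
#!/usr/bin/perl
# Added example: per-account "TLS required" decision for a MIMEDefang filter.
use strict;
use warnings;

# Accounts that may only relay over TLS ("user2" as in the post).
my %TLS_REQUIRED = map { lc($_) => 1 } qw(user2);

# Hypothetical helper: takes a hashref shaped like %SendmailMacros and
# returns ('accept' | 'reject', reason).
sub tls_policy {
    my ($m) = @_;
    # Normalise case so the policy matches however the login was typed.
    my $user = lc($m->{auth_authen} // '');
    # If {auth_authen} is not exported to the milter, $user is always empty
    # and the rule never fires, so confirm the export with a test message.
    return ('accept', 'no AUTH user') if $user eq '';
    return ('accept', 'account has no TLS requirement')
        unless $TLS_REQUIRED{$user};
    # Per the post, {verify} is empty without STARTTLS. {tls_version} is a
    # second signal (assumption: it is exported too). When both are missing
    # the message is rejected, so a config gap fails closed.
    my $verify = $m->{verify}      // '';
    my $tlsver = $m->{tls_version} // '';
    return ('reject', 'TLS required but not used')
        if $verify eq '' && $tlsver eq '';
    return ('accept', "TLS in use (verify=$verify)");
}

# Constructed sample macro sets, not captured from a real server.
my @samples = (
    { auth_authen => 'user2' },
    { auth_authen => 'user2', verify => 'NO', tls_version => 'TLSv1' },
    { auth_authen => 'USER2', verify => '' },
    { auth_authen => 'user1' },
);
for my $m (@samples) {
    my ($action, $why) = tls_policy($m);
    printf "%-6s verify=%-3s -> %s (%s)\n",
        $m->{auth_authen}, $m->{verify} // '', $action, $why;
}

# In mimedefang-filter, inside filter_begin:
#   my ($action, $why) = tls_policy(\%SendmailMacros);
#   if ($action eq 'reject') {
#       md_syslog('warning', "Bouncing $SendmailMacros{auth_authen}: $why");
#       return action_bounce("You must enable TLS encryption");
#   }
```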

