> This Problem is rather for your Leisure Time ...
> I'm setting up a dedicated Fileserver (under 4.1.3_U1 and NIS). [...]
> What I would like to have is that if some braindead sendmail connects
> the sendmail on the Fileserver, the latter tells it to disconnect and
> reconnect to our Mailhost, but I'm afraid that that ain't expressable
> in SMTP. :-C
> So far, I can imagine three Possibilities:
> 1) Run no sendmail at all. The dummy sendmail will get "Service denied"
> and bounce the Mail either immediately or after three Days. However,
> the Sender doesn't get any Info as to WHY his Mail wasn't accepted.
> 2) Run sendmail and disallow all Users. Same Thing as above, only with
> "User unknown" instead of "Service denied".
> 3) Run sendmail and allow Mails to go through the Fileserver. Not good.
> Since the Users and their Home Dirs are known, People might set up
> a .forward to a Pipe; Either I disable this, breaking vacation et. al.,
> or I allow it, which allows our Users to start an xterm or somesuch
> on our Fileserver.
> So, what is the kosher Way to politely saying "no Mail to *this* Host"?
A Lot of interesting Info came back on this one!
1) Most Respondents told me that enabling the OR Option - a SunOSism -
would actually do what I want. Shame on me, I didn't know this, all
my Clients are running with this Option, which is included in the
standard sendmail.subsidiary.cf. However, I have received a List of
12 (now, after some Tests of mine, 13 :-C ) Reasons why not to use
this Option. To say it very short: It's heavily broken. sendmail 8
has a quite similar Option, NULLCLIENT; no Bug Reports on this one.
2) The next best Option is to create a "no local Processing, forward
ALL" sendmail.cf without the OR Option. This can be done quite reliably
(by not having sendmail *know* any other Mailers than tcpld in the
first Place). I was sent a sendmail.cf proven on a Variety of Plat-
forms, currently run it on the Fileserver, but not somewhere it would
be tested thoroughly yet. I'll most probably drop that one into all
3) To specifically inhibit funny Things being done with Mail to Pipes,
there is smrsh (sendmail restricted Shell) available to drop into
sendmail.cf instead of /bin/sh.
4) Others pointed out that having Aliases will do the Trick, bypassing
any .forward a User could set up. Nice Idea, but I'm not fond of
keeping the Aliases List up to Date.
5) Yet others told me that if someone configured an Internet Site such
that it doesn't honor MX Records (which I assumed to be set correctly),
then Bounces is all they deserve, hence no Need for a running sendmail.
Possible Problem: Mail generated by non-interactive Programs, e.g.
6) An interesting Sidenote: PC-NFS does some *very* sloppy checking of
valid Login Shells. Instead of looking up /etc/shells correctly, it
assumes that anything ending in "sh" is a valid Shell. Look out for
this if you want to dis/enable User Access by having /etc/passwd contain
"+::::::/funnyshell" or somesuch.
7) Last not least I was wrong in assuming that SMTP wouldn't provide
Support for this Kind of Negotiation! RFC 821 contains:
251 User not local; will forward to <forward-path>
551 User not local; please try <forward-path>
Now, does anyone have an Idea as to how many Implementations support
getting this Kind of Reply without freaking out on it? Doing a strings
/usr/lib/sendmail shows me a Lot of Error Msgs, including 550 User
unknown and 550 Host unknown, but none of the two above ...
Tom Reingold <firstname.lastname@example.org>
Mario Dupuis <Mario.Dupuis@mfg.canadair.ca>
Ian MacPhedran <Ian_MacPhedran@engr.usask.ca>
Peter Allan <email@example.com>
Pom Bajar <firstname.lastname@example.org>
Fuat C. Baran <email@example.com>
Claus Assmann <firstname.lastname@example.org>
A. Bryan Curnutt <bryan@Stoner.COM>
Gregory Bond <email@example.com>
Barry Margolin <barmar@Think.COM>
Per Hedeland <firstname.lastname@example.org> (Maintainer of the Anti-OR List)
Jason Jonas <email@example.com>
Ray Schnitzler <firstname.lastname@example.org>
Hal Stern <stern@sunrise.East.Sun.COM> (did NOT mention OR ;-)
-- __/\_____________________________________________ ___________________________ / \ \ / /\ / J. \ EMail: bern@[TI.]Uni-Trier.DE / ham: DD0KZ X More Infos on me from / \ \Bern/ X.400: <---- temporarily disabled ----> / \ the X.500 Directory; \ / \ / P. O. Box 1203, 54202 Trier, Germany / \ Pub Keys via finger \/ __\/___________________________________________/ EOF \_________________________
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:03 CDT