Just thought I'd put in my two cents. I recently dealt with
something vaguely similar to this issue.
Philip Guenther wrote:
Ralph Freshour <rfresh(_at_)mail(_dot_)idt(_dot_)net> writes:
When incoming mail arrives on my server, I need to check a text file to
see if the incoming mail is addressed to a valid user. I need to:
1. Parse the username out of the To: field.
For example, To: Joe Smith <joe(_at_)domain(_dot_)com>
I need to parse out "joe" because the
file of authorized users looks like this:
mary
henry
joe
bill
I need to find "joe" in that list file.
The authorized users file is called "users.list"
2. If "joe" is not found in the file, send to /dev/null
else continue to the next recipe.
a) Are the "authorized users" a subset of the user accounts (logins) on
the system? If not, forget procmail for now and start reading
up on sendmail, especially LUSER_RELAY.
I recently tried to get LUSER_RELAY to work and found it was
rewriting failing email to look as though it were originally
intended for LUSER_RELAY. This wasn't what I wanted; I wanted
it to just forward it to LUSER_RELAY but leave the headers
alone.
I instead removed the 'w' flag from the local mailer flags.
(I am using Sendmail 8.7.6). This allows Sendmail to invoke
the local mailer regardless of whether a local account exists.
It is then up to the local mailer to determine whether to
handle the mail. A suitable /etc/procmailrc can then handle
unknown users any way you want.
For my application, which was to provide email accounts on
the local system *without* creating logins for them, I then
added a flag to procmail that specifies a user to receive
all email for recipients not in the passwd file. Instead of
filtering the destinations in /etc/procmailrc, I then set
up a .procmailrc in that user's home directory. (The hack
to procmail is about 10 lines long if anyone wants it.)
b) You're not going to send a bounce message back to the original site
saying "sorry, so-and-so is not authorized to receive email"???
That's rude.
Having dealt with people sending email into my domain without
knowing any valid users (just testing their spam programs), I
disagree that it is rude to ignore mail not destined for a
real user. If they don't get a response they can ask
postmaster.
c) Why don't you just add to sendmail's ruleset 5 a lookup into a text
file database, such that if the user didn't have an entry it
returned a call to the error mailer? Something like (untested
code alert!):
R$+ $: < > $1
R< > $+ + $* $: < @ > < $( auth $1 $: <> $) > $1 + $2
R< > $+ $: < @ > < $( auth $1 $: <> $) > $1 look up user
R< @ > < <> > $* $#error $: NOPERM or whatever
R< @ > < $* > $* $: $2 They're okay
I get real nervous when someone says "Why don't you just do
xxx to sendmail's ruleset yyy?" I'm not a Sendmail rewriting
rule guru, and I suspect very few people are. The few times
I've tried to apply someone else's rewriting suggestions,
I've decided later that they were just guessing, and I had
just wasted a lot of time.
To me the Sendmail rulesets are a tricky enough system that
I don't want to mess with them unless absolutely necessary.
I have the responsibility of my company's email riding on
Sendmail working correctly, and I just don't want to take
risks with that.
[snip]
Philip Guenther
--
Jefferson Ogata Philips Media Systems ogata(_at_)pmpro(_dot_)com
"If you push something hard enough,
it will fall over." -- Fudd's first law of opposition.
"It comes in:
it must go out." -- Teslicle's deviant to Fudd's law.
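
The check asked for in the original question above (take the local part of the To: header and look it up in users.list), as an added example that is not part of the thread. The function names are hypothetical, the sample messages are constructed, and the restriction of user names to `a-z0-9._-` is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the lower-cased local part of the first address in the To: header
# of the message on stdin. Only the header section is examined.
to_localpart() {
    awk '
        /^$/ { exit }                            # blank line ends the headers
        hdr && /^[ \t]/ { val = val $0; next }   # folded continuation line
        hdr { exit }                             # next header: To: is complete
        tolower($0) ~ /^to:/ { hdr = 1; val = substr($0, 4) }
        END {
            if (match(val, /<[^<>]*>/))          # "Name <addr>" form
                val = substr(val, RSTART + 1, RLENGTH - 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/@.*$/, "", val)                 # drop the domain
            print tolower(val)
        }'
}

# Succeed only if $1 is exactly one whole line of the list file $2.
is_authorized() {
    [ -n "$1" ] || return 1                      # empty name must never match
    # Assumed login charset; rejects newlines, spaces and shell/regex characters.
    case $1 in *[!a-z0-9._-]*) return 1 ;; esac
    # -F: literal string, -x: whole line, --: name cannot be read as an option
    grep -Fxq -- "$1" "$2"
}

# Decide for one message on stdin; $1 is the list file.
check_message() {
    user=$(to_localpart)
    if is_authorized "$user" "$1"; then
        echo "deliver $user"
    else
        echo "discard"
    fi
}

demo_dir=$(mktemp -d)
printf '%s\n' mary henry joe bill > "$demo_dir/users.list"
printf 'From: a@example.org\nTo: Joe Smith <joe@domain.com>\n\nbody\n' |
    check_message "$demo_dir/users.list"
printf 'To: <.*@domain.com>\n\nbody\n' | check_message "$demo_dir/users.list"
rm -rf "$demo_dir"
```

The To: header is written by the sender and need not match the envelope recipient, so this check filters on what the message claims, not on where the MTA was told to deliver it.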