procmail
[Top] [All Lists]

Re: Rejecting unknown users

2001-02-07 10:55:41
On  7 Feb, Postmaster wrote:
| In my school district, we want to give our middle schoolers e-mail accounts,
| but we also want to limit who then can receive e-mail from (and who they can
| send it to, but that's more of a sendmail question :-)
| 
| Anyway, I'm running RedHat 7.0 and procmail is all set up. What I'm
| wondering is:
| 
| -Can I have a global procmailrc file that checks the username (all of our
| middle school students account names begin with 05, 06, and 07) and let
| through e-mail from a list of approved addresses (and quietly discard all
| others)?
| 
| I've started going through the FAQs, but all I've seen so far deal with
| rejecting known addresses, and I want to only accept known addresses.
| 
| Thanks!
| 
| P.s. And if you know where to look to limit who the students send e-mail to,
| that would be very nice!
| 

If an acceptable sender to one recipient is acceptable to all, then
it's fairly simple. This is a common setup, and has been discussed
recently. You could begin by searching for "green list" and "white list"
in the archives:

http://www.xray.mpe.mpg.de/mailing-lists/procmail/

It can be done through a global rc file and typically involves a list
of addresses in a separate file that is used with 'fgrep -f'.

If you need to have different lists for each recipient, then it's
tougher and is frankly beyond my limited skill set. I'll defer to
someone else on that one.

Of course you'll need to think about whether to allow incoming mail from
students' other (home) accounts. I don't need to tell you how
enterprising middle school kids can be. It wouldn't take long before one
of them figures out how to get banned recipients through the filters by
bouncing it off another account. But then you eliminate one of the
worthwhile uses of email - sending their homework to/from school as
attachments to eliminate the "my dog ate it" excuse. ;-)

Filtering outgoing mail is different. There have been discussions in the
past about passing outgoing mail through procmail, but it doesn't come
up enough for me to have any sense of whether it's viable. It's really a
question for the MTA (which I gather is sendmail with Red Hat). I
believe you can use FEATURE(`blacklist_recipients') to block outgoing
mail using the access.db. At least it looks that way from the README
with 8.9.3 and 8.10.2, but I have no experience with it. If you don't
have that file, you can view it at www.sendmail,org, or download the
sources from their ftp site. It's a large file that'll take some time
to read, but I highly recommend it if you want some control over your
mail system, which you most certainly do. You'll want to be comfortable
rebuilding the sendmail.cf file according to your needs. Don't trust Red
Hat (or any other vendor) to get it right for you. There's just too much
there for them to be able to cover all the possibilities.

Don Hammond



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>