PHWinfo - Afficher un message - Enabling a domain to send email from all their ISP ip range

31/10/2006, 23h56

In article <1162299600.178816.246680@i42g2000cwa.googlegroups .com>
"drfremove@nber.org" <feenberg@gmail.com> writes:
>Bumo wrote:
>> Hi I've just configured sendmail to use blacklists, as they are too strict
>> and I would like to enable some users to send email to me even from their
>> home using their provider connection, I would like to know how to do I
>> enable the range of addresses of the ISP.
>>
>> this is a part of my sendmail.mc
>>
>> (...FEATURE enabling 4 black lists)
>> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

That's a mangled version of the default (see cf/README) - I suggest that
you just use FEATURE(`access_db') instead.

>> FEATURE(`delay_checks', `friend')
>>
>> i.e.
>> in order to enable all addresses like "84-123-175-15.onocable.ono.com" in
>> access file I thought to use this
>> Spam:.onocable.ono.com FRIEND
>>
>> Is this correct? it seems it doesn't work!

No, the usage of `friend' with the Spam: tags is for identifiying
*recipients* that should be exempted from the anti-spam checks - see
cf/README. The whole point of this arrangement is to hold off on
sender-{host,user}-based blocking until the SMTP RCPT command is given
(and skip the blocks if the recipient is a FRIEND) - otherwise they will
hit before we know who the recipient(s) is/are.

If you just want to exempt some sender hosts from the blacklists (which
isn't the same thing as "enable some users to send email to me", but
anyway...), there is no need for delay_checks etc - just put them in
access db with an RHS of OK:

Connect

nocable.ono.com OK

Note, no leading dot unless you are also using "lookupdotdomain" (which
changes leading-dot entries from being totally ignored to being
considered, but with a slightly different meaning than no-leading-dot
ones). And yes, all of this is explained in cf/README.

>The access value you want is "RELAY", not "FRIEND". I don't know what
>the "Spam:" tag is related to - I don't think that is a valid tag for
>an access table entry.

No, it's fine (in that context), just doesn't do what he wants.:-)

> I am not sure if the leading dot will cause any
>problem - the examples I have seen of access entries don't have that.

Yes, see above.

>See, for example:
>
>
>http://www.freebsd.org/doc/en_US.ISO.../sendmail.html

Well, the FreeBSD handbook is a fine document for general FreeBSD admin,
but for obvious reasons it just scrapes the surface of the possibilities
when it comes to configuring sendmail (or any other "3rd party" package
of significant complexity).

--Per Hedeland
per@hedeland.org

31/10/2006, 23h56	#3
Per Hedeland Messages: n/a Hébergeur:	Re: Enabling a domain to send email from all their ISP ip range In article <1162299600.178816.246680@i42g2000cwa.googlegroups .com> "drfremove@nber.org" <feenberg@gmail.com> writes: >Bumo wrote: >> Hi I've just configured sendmail to use blacklists, as they are too strict >> and I would like to enable some users to send email to me even from their >> home using their provider connection, I would like to know how to do I >> enable the range of addresses of the ISP. >> >> this is a part of my sendmail.mc >> >> (...FEATURE enabling 4 black lists) >> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl That's a mangled version of the default (see cf/README) - I suggest that you just use FEATURE(`access_db') instead. >> FEATURE(`delay_checks', `friend') >> >> i.e. >> in order to enable all addresses like "84-123-175-15.onocable.ono.com" in >> access file I thought to use this >> Spam:.onocable.ono.com FRIEND >> >> Is this correct? it seems it doesn't work! No, the usage of `friend' with the Spam: tags is for identifiying recipients that should be exempted from the anti-spam checks - see cf/README. The whole point of this arrangement is to hold off on sender-{host,user}-based blocking until the SMTP RCPT command is given (and skip the blocks if the recipient is a FRIEND) - otherwise they will hit before we know who the recipient(s) is/are. If you just want to exempt some sender hosts from the blacklists (which isn't the same thing as "enable some users to send email to me", but anyway...), there is no need for delay_checks etc - just put them in access db with an RHS of OK: Connectnocable.ono.com OK Note, no leading dot unless you are also using "lookupdotdomain" (which changes leading-dot entries from being totally ignored to being considered, but with a slightly different meaning than no-leading-dot ones). And yes, all of this is explained in cf/README. >The access value you want is "RELAY", not "FRIEND". I don't know what >the "Spam:" tag is related to - I don't think that is a valid tag for >an access table entry. No, it's fine (in that context), just doesn't do what he wants.:-) > I am not sure if the leading dot will cause any >problem - the examples I have seen of access entries don't have that. Yes, see above. >See, for example: > > >http://www.freebsd.org/doc/en_US.ISO.../sendmail.html Well, the FreeBSD handbook is a fine document for general FreeBSD admin, but for obvious reasons it just scrapes the surface of the possibilities when it comes to configuring sendmail (or any other "3rd party" package of significant complexity). --Per Hedeland per@hedeland.org