Consider blah.edu. The mail server for blah.edu lists blah.edu in
local-host-names, so it
accepts mail for address@blah.edu, but it also accepts
address@sub1.blah.edu,
address@sub2.blah.edu and address@sub3.blah.edu.

Is there some way, using local-host-names or perhaps another method,
for the mail server to
accept mail for address@blah.edu and address@sub3.blah.edu but not
for
address@sub1.blah.edu and address@sub2.blah.edu. Something like a
deny/allow list
where the exceptions could be listed first?

Thanks for any pointers or RTFMs.

Cheers,
SQ

soonquadruples@gmail.com writes:

> Consider blah.edu. The mail server for blah.edu lists blah.edu in
> local-host-names, so it
> accepts mail for address@blah.edu, but it also accepts
> address@sub1.blah.edu,
> address@sub2.blah.edu and address@sub3.blah.edu.
>
> Is there some way, using local-host-names or perhaps another method,
> for the mail server to
> accept mail for address@blah.edu and address@sub3.blah.edu but not
> for
> address@sub1.blah.edu and address@sub2.blah.edu. Something like a
> deny/allow list
> where the exceptions could be listed first?
>
> Thanks for any pointers or RTFMs.

Use virtusertable to list all valid names in the sub-domains.

virtusertable:
# list of valid emails in sub3.blah.edu
address1@sub3.blah.edu %0
address2@sub3.blah.edu %0
# instruction to reject remaining addresses in sub3.blah.edu
@sub3.blah.edu error:nouser User unknown

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
.... A solemn, unsmiling, sanctimonious old iceberg who looked like he
was waiting for a vacancy in the Trinity.
-- Mark Twain

On Sep 7, 11:53 am, Andrzej Adam Filip <a...@onet.eu> wrote:
> soonquadrup...@gmail.com writes:
> > Consider blah.edu. The mail server for blah.edu lists blah.edu in
> > local-host-names, so it
> > accepts mail for addr...@blah.edu, but it also accepts
> > addr...@sub1.blah.edu,
> > addr...@sub2.blah.edu and addr...@sub3.blah.edu.
>
> > Is there some way, using local-host-names or perhaps another method,
> > for the mail server to
> > accept mail for addr...@blah.edu and addr...@sub3.blah.edu but not
> > for
> > addr...@sub1.blah.edu and addr...@sub2.blah.edu. Something like a
> > deny/allow list
> > where the exceptions could be listed first?
>
> > Thanks for any pointers or RTFMs.
>
> Use virtusertable to list all valid names in the sub-domains.
>
> virtusertable:
> # list of valid emails in sub3.blah.edu
> addre...@sub3.blah.edu %0
> addre...@sub3.blah.edu %0
> # instruction to reject remaining addresses in sub3.blah.edu
> @sub3.blah.edu error:nouser User unknown

Thank you very much for the quick response.

I think that is very close to what I was looking for, but the
problem is a bit more complex than I was letting on.

Assume smtp.blah.edu is the mail server for blah.edu.

sub2.blah.edu and sub3.blah.edu each run their own mail
servers and have MX records to that effect. smtp.blah.edu
(sadly) accepts mail for sub2 and sub3, even though
it shouldn't, but it is perhaps understandable because it
needs to accept @blah.edu addresses.

So, I believe virtusertable would work to deny the
accepting of mail for sub2 and sub3 at smtp.blah.edu.
So far, so good.

However, now suppose that user@blah.edu has a PC
mail client and has smtp.blah.edu set as the outgoing
smtp server. If user@blah.edu mails user@sub2.blah.edu,
won't smtp.blah.edu accept the mail and then deny
it via virtusertable?

I suppose the question should be:

"Is it possible to deny the *acceptance* of mail on a
server for a subdomain, yet still allow the *relaying*
of mail to that subdomain though the server?"

Thanks again,
SQ

soonquadruples@gmail.com writes:

> On Sep 7, 11:53 am, Andrzej Adam Filip <a...@onet.eu> wrote:
>> soonquadrup...@gmail.com writes:
>> > Consider blah.edu. The mail server for blah.edu lists blah.edu in
>> > local-host-names, so it
>> > accepts mail for addr...@blah.edu, but it also accepts
>> > addr...@sub1.blah.edu,
>> > addr...@sub2.blah.edu and addr...@sub3.blah.edu.
>>
>> > Is there some way, using local-host-names or perhaps another method,
>> > for the mail server to
>> > accept mail for addr...@blah.edu and addr...@sub3.blah.edu but not
>> > for
>> > addr...@sub1.blah.edu and addr...@sub2.blah.edu. Something like a
>> > deny/allow list
>> > where the exceptions could be listed first?
>>
>> > Thanks for any pointers or RTFMs.
>>
>> Use virtusertable to list all valid names in the sub-domains.
>>
>> virtusertable:
>> # list of valid emails in sub3.blah.edu
>> addre...@sub3.blah.edu %0
>> addre...@sub3.blah.edu %0
>> # instruction to reject remaining addresses in sub3.blah.edu
>> @sub3.blah.edu error:nouser User unknown
>
> Thank you very much for the quick response.
>
> I think that is very close to what I was looking for, but the
> problem is a bit more complex than I was letting on.
>
> Assume smtp.blah.edu is the mail server for blah.edu.
>
> sub2.blah.edu and sub3.blah.edu each run their own mail
> servers and have MX records to that effect. smtp.blah.edu
> (sadly) accepts mail for sub2 and sub3, even though
> it shouldn't, but it is perhaps understandable because it
> needs to accept @blah.edu addresses.
>
> So, I believe virtusertable would work to deny the
> accepting of mail for sub2 and sub3 at smtp.blah.edu.
> So far, so good.
>
> However, now suppose that user@blah.edu has a PC
> mail client and has smtp.blah.edu set as the outgoing
> smtp server. If user@blah.edu mails user@sub2.blah.edu,
> won't smtp.blah.edu accept the mail and then deny
> it via virtusertable?
>
> I suppose the question should be:
>
> "Is it possible to deny the *acceptance* of mail on a
> server for a subdomain, yet still allow the *relaying*
> of mail to that subdomain though the server?"

1) virtusertable is consulted before giving reply to "RCPT TO:"
2) virtusertable can be used for non local email domains
[e.g. for relayed domains ]

I suggest you taking a look at FEATURE(`ldap_routing').
It will allow you to
* add more email gateways
* route messages for blah.edu users without "central hub hop" at
sunN.blah.edu hosts

URL(s):
http://www.sendmail.org/m4/ldap_routing.html
[The latest version supports options not mentioned in the above URL]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante

In article <1189191986.473308.306490@50g2000hsm.googlegroups. com>
soonquadruples@gmail.com writes:
>
>Assume smtp.blah.edu is the mail server for blah.edu.
>
>sub2.blah.edu and sub3.blah.edu each run their own mail
>servers and have MX records to that effect. smtp.blah.edu
>(sadly) accepts mail for sub2 and sub3, even though
>it shouldn't, but it is perhaps understandable because it
>needs to accept @blah.edu addresses.

No - putting blah.edu in local-host-names does not cause it to accept
mail for user@whatever.blah.edu - rather it is treated as any non-local
address, i.e. relayed if the rules permit that, otherwise rejected. If
you're seeing that it is accepted for local delivery, it's due to
something else - perhaps inapproriate DNS or /etc/hosts entries. The
output from

sendmail -d21.2 -bv user@sub2.blah.edu

may you figure out what is going on.

--Per Hedeland
per@hedeland.org

On Sep 7, 4:35 pm, p...@hedeland.org (Per Hedeland) wrote:
> In article <1189191986.473308.306...@50g2000hsm.googlegroups. com>
>
> soonquadrup...@gmail.com writes:
>
> No - putting blah.edu in local-host-names does not cause it to accept
> mail for u...@whatever.blah.edu - rather it is treated as any non-local
> address, i.e. relayed if the rules permit that, otherwise rejected. If
> you're seeing that it is accepted for local delivery, it's due to
> something else - perhaps inapproriate DNS or /etc/hosts entries. The
> output from
>
> sendmail -d21.2 -bv u...@sub2.blah.edu
>
> may you figure out what is going on.

Thank you. I was unaware that that was the case and could not
test it myself. I'll see if that command sheds any light.

For the record, I'm not the guy at the top trying to disallow the
subdomains,
I'm the subdomain guy trying to get the guys at the top to stop
accepting
mail for me. As I don't control the top, it's hard for me to do more
than
query, suggest and keep my patience tank full.

Thank you for your time.

Cheers,
SQ

In article <1189268390.003853.148070@k79g2000hse.googlegroups .com>
soonquadruples@gmail.com writes:
>On Sep 7, 4:35 pm, p...@hedeland.org (Per Hedeland) wrote:
>> In article <1189191986.473308.306...@50g2000hsm.googlegroups. com>
>>
>> soonquadrup...@gmail.com writes:
>>
>> No - putting blah.edu in local-host-names does not cause it to accept
>> mail for u...@whatever.blah.edu - rather it is treated as any non-local
>> address, i.e. relayed if the rules permit that, otherwise rejected. If
>> you're seeing that it is accepted for local delivery, it's due to
>> something else - perhaps inapproriate DNS or /etc/hosts entries. The
>> output from
>>
>> sendmail -d21.2 -bv u...@sub2.blah.edu
>>
>> may you figure out what is going on.
>
>Thank you. I was unaware that that was the case and could not
>test it myself. I'll see if that command sheds any light.
>
>For the record, I'm not the guy at the top trying to disallow the
>subdomains,
>I'm the subdomain guy trying to get the guys at the top to stop
>accepting
>mail for me. As I don't control the top, it's hard for me to do more
>than
>query, suggest and keep my patience tank full.

OK, well, the command above has to be run at the "top" server - it will
just do a local trace of the rules that lead to the routing decision.
FWIW, there's another way than local-host-names (a.k.a. "class {w}") to
specify that a domain should be delivered locally (there are some subtle
differences), and that is to list it in the mailertable with a RHS of
'local:', i.e. like so:

blah.edu local:

That line will also only affect mail to user@blah.edu, but if you/they
also have a line

..blah.edu local:

- it will apply to user@whatever.blah.edu. Just mentioning this in case
that's what they're doing, since there's not a "canned" way (i.e. an
option in the .mc file or equivalent) to say that you want local
delivery for all of the subdomains of the domains that you have
specified in local-host-names - it's possible with custom rules of
course, but if they have such they ought to know about it...

--Per Hedeland
per@hedeland.org