home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

sendmail

sendmailSearch this book
Previous: 29.6 Rule Set 0 Chapter 29
Rule Sets 		Next: 29.8 Rule Set 2
 

29.7 Rule Set 5

For version 2 and higher configuration files (see Section 27.5, "The V Configuration Command" ), V8 sendmail allows local recipients to undergo additional rewriting. Recall that each recipient address is processed by rule sets 3 and 0. Beginning with V8.7 sendmail , any delivery agent with the F=A flag set [4] (see Section 30.8.12, F=A ) will cause the address to undergo aliasing (via the aliases file), which may result in a new local address.

[4] Prior to V8.7 sendmail , only the local delivery agent had this property.

Under V8 sendmail , if an address makes it through aliasing unchanged, it is given to rule set 5, which may select a new delivery agent. Note that it is given to rule set 5 before the ~/.forward file is processed.

Beginning with V8.7 sendmail , any delivery agent that has the F=5 flag set (see Section 30.8.3, F=5 ) will cause rule set 5 to be called as though the agent were a local one.

To illustrate, consider that a new delivery agent might be needed in the case of a mail firewall machine. A firewall machine is one that sits between the local network and the outside world and protects the local network from intrusion by outsiders. In such an arrangement it may be desirable for all incoming mail to be delivered to the firewall so that no outsider needs to know the real names of machines on the local network.

Consider mail to the address john@firewall . On the firewall machine, rule set 3 recognizes the host part as local and throws away the @firewall . Rule set 0 then selects the local delivery agent. Because the address john is local, it is looked up in the aliases file. For this example we will assume that it is not found there. The user's ~/.forward file would normally be examined next, but user home directories are not visible to the firewall machine.

Because the address john is not aliased, it is then passed to rule set 5, which selects another delivery agent to forward the message into the local network:

S5
R$-     $#smtp $@hub.internal.net $:$1

Here, the john matches the $- in the LHS, so the smtp delivery agent is selected. The mail message is forwarded to the local network with john (the $1 ) as the username and hub.internal.net as the name of the receiving machine on the internal network.

For such a scheme to work, all local machines must send offsite mail addressed as though it were from the firewall, and local names must be changed to offsite forms when forwarded offsite. For example, the name john@local.host needs to be changed to john@firewall for all outgoing offsite mail.

Note that rule set 5 can also be used in situations that do not involve firewalls. It can be used as a hook into forwarding to other types of networks, with special mailing list software, or even as a way to handle retired accounts. Also note that rule set 5 may select a new delivery agent, but it does not have to.

For those times when rule set 5 may not be appropriate, V8 sendmail offers a technique for bypassing it. In rule set 0, if the first token following the $: of a rule that selects the local delivery agent is an @ , sendmail removes the @ and skips calling rule set 5:

R$-         $#local $: @ $1
                       
-^

                       
removed and rule set 5 skipped

Note that rule set 5 is the way V8.7 sendmail and above institutes the plussed users technique (see Section 24.4.3, "Plussed Users" ).

Previous: 29.6 Rule Set 0 sendmail Next: 29.8 Rule Set 2
29.6 Rule Set 0 Book Index 29.8 Rule Set 2

[ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ]