[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sendmail
Subject:    Re: Allow envelope sender domain only from certain IPs?
From:       Matej Vela <mvela () irb ! hr>
Date:       2004-09-30 11:57:43
Message-ID: 10493013057.~INN-ZDAa00150.comp-news () dl ! ac ! uk
[Download RAW message or body]

On 2004-09-30, Sebastian Wiesinger <04-09@usenet.karotte.org> wrote:
> Hello,
>
> I want to block an envelope sender domain and only allow it from
> certain IPs, something like:
>
> From:@domain.net and Connect:192.168.1.2 OK
>
> From:@domain.net and Connect:<anyone else> REJECT

Note that this breaks forwarding.  For example, if <alice@domain.net>
sends mail to <bob@yahoo.com> who has a .forward to <bob@domain.net>,
the envelope sender will still be <alice@domain.net>, and the IP will
be Yahoo's.

> Is there an easier solution then writing a rule for Local_check_mail?

You already know about SPF, so...

> And if not, could someone post a rule for this? (I can write my own
> rules, but I'm not very fast with it.)

LOCAL_RULESETS
SLocal_check_mail
R$+					$: $>CanonAddr $1
R$+					$: $1 $| $&{client_addr}
R$* < @ domain.net. > $| 192.168.1.2	$@ OK
R$* < @ domain.net. > $| $+		$#error $@ 5.7.1 $: "550 Access denied"


[prev in list] [next in list] [prev in thread] [next in thread]