I have a CentOS server with Sendmail installed and use Fetchmail for mail retrieval. My email server is working perfectly, but I now need to prohibit a user from sending emails to the outside.
How do I allow this user to send email in the local network (within the same domain's email address) but block them from sending email to the outside world?
Best Answer
Because what you want is more generic than what FEATURE(compat_check) does, first make sure that you do not have it enabled in your /etc/mail/sendmail.mc file. Then you can write your own version of check_compat (note the reversing of the words here). The sendmail book (4e) has a solution to your question in pages 259 and 260.

Here is a second one: At the bottom of your sendmail.mc file add the following lines
Here is what happens: The Kput macro line defines a map that is to be used when we store certain values in macros. The macros that we are going to use are defined in the next lines and they are put1 and put2 with some generic default values (empty1 and empty2) to be used in debugging.

When check_compat is called it has a single argument in the form of sender@address $| recipient@address. We need to canonify these addresses which in our case means bring them to the form of user < @ address . >. You almost always canonify addresses with sendmail before doing anything else. The first two lines of check_compat deal with canonifying the address of the recipient and putting it into the {put2} macro.

Now our workspace (meaning the string on which the rest of the rule set operates on) has only the sender address and we canonify that too. This means that if check_compat stops at the fifth line, its output would be like:

Therefore now we are ready to check any combination we want. Local users in your system are of the form user < @ $=w .>. The $=w macro contains the value of your domain name, localhost, hostname, anything that is to be considered local, including values in /etc/mail/local-host-names. So this line instructs sendmail that if user (where "user" should be replaced by the username of the user in question) sends email to any local user (this is the meaning of $* < @ $=w . >) accept this mail and continue with all other filtering activities. But if said user is trying to send mail elsewhere, silently discard this.

After you are done editing sendmail.mc you need to run /etc/mail/make to build sendmail.cf and then run service sendmail restart to restart sendmail with the new changes. Keep in mind that the left hand side of the rules is separated from the right hand side with tabs and not spaces. So do not copy-paste the code. Type it by hand.

There is one more rule set above and this is Translate. When in test mode, you cannot use $| directly. So if you want to test your rules before going to production you have to use it:

and see what happens.
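
A rule set that follows the steps this answer describes, given here as an added example and not the answer author's own listing. The username restricteduser is a placeholder, and the individual rules are an assumption built from the description above; the left and right hand sides are separated by literal tabs.

```m4
LOCAL_CONFIG
# Added example. A map of type "macro": a lookup stores its argument in a macro.
Kput macro
# Debugging defaults, visible if a rule never stores a value.
D{put1}empty1
D{put2}empty2

LOCAL_RULESETS
# check_compat is called with:  sender $| recipient
# LHS and RHS of every R line below are separated by TAB characters.
Scheck_compat
# Lines 1-2: canonify the recipient, store it in {put2}, keep only the sender.
R$* $| $*	$: $1 $| $>canonify $2
R$* $| $*	$: $(put {put2} $@ $2 $) $1
# Lines 3-4: canonify the sender and store it in {put1}.
R$*	$: $>canonify $1
R$*	$: $(put {put1} $@ $1 $)
# Line 5: rebuild the workspace as  sender < @ host . > $| rcpt < @ host . >
R$*	$: $&{put1} $| $&{put2}
# Line 6: restricteduser (placeholder name) writing to a local address: accept.
Rrestricteduser < @ $=w . > $| $* < @ $=w . >	$@ OK
# Line 7: restricteduser writing anywhere else: silently discard.
Rrestricteduser < @ $=w . > $| $*	$#discard $: discard

# Test-mode helper: in sendmail -bt a $| typed on the input line is literal
# text, not the operator, so this rule set converts it before check_compat runs.
STranslate
R$* $$| $*	$: $1 $| $2
```

In `sendmail -bt`, entering `Translate,check_compat restricteduser@example.com $| someone@example.org` (both addresses are constructed samples) runs the two rule sets in sequence; a host counts as local only if it is in class `$=w`.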