Re: smtpd_sender_login_maps account matches all domains possible

From: Robert Schetterer (robertschetterer.org)
Date: Sat Sep 16 2006 - 08:59:44 CDT


mouss wrote:
> Robert Schetterer wrote:
>> Hi all,
>> is it possible to have an entry in
>> smtpd_sender_login_maps
>> which matches all domains in i.e. $relay_domains
>>
>> like
>>
>> example.com exampleuser
>> ** allmatcher
>>
>> (I know this can't work, it's just to make clear what I want)
>>
>> without using MySQL or LDAP tables?
>> I tried it with a pcre table but
>> couldn't get it to run
>>
>
> What problem are you trying to solve? In general, general questions
> generally get general answers :)
>
> - you can subject your reject_*_mismatch to a check_sender_access.
> - you can generate the map using a script
> - as you said, you can use sql or ldap.
> ...
>
>
> --
> This message has been scanned for viruses and other dangerous content
> and is - provided the virus scanners are up to date - clean.
>
Hi mouss, I have a backup MX server for some domains.
Some customers relay via SASL; this all works nicely (using
smtpd_sender_login_maps).
On the system we have a local account (used to log in via SSH).
Now we wanted to use this system account (whose auth is done nicely via SASL
PAM) to deliver for all domains and sender addresses which are
configured on the server.
This is only to make life easier for us (2 OPs), having only this
backup MX server in our mail client and sending with different sender
addresses (called identities in Thunderbird).
After all it's not a big problem; including domains for this system user
in the smtpd_sender_login_maps account works nicely, but I even thought about
whether it's possible to match all domains with this system user, so we don't
have to edit the map if something changes.
We could also use another server or the original servers, but the mxback
still has all the right MX entries and is all set up correctly, so it's nice to
use it for that stuff.
I can't solve it with POP-before-SMTP because there is no POP server, and I
don't want to install one on this machine.
I think reject_*_mismatch subject to a check_sender_access will not work,
because this would match against IPs (am I right here?), but we want
this solution when we are on the road with a dynamic IP and authenticate via SASL.
A script would be the right solution, but I was even thinking of something
easier; if it can't be done with some easy table edits it doesn't matter.
I only asked whether one of the gurus has some magic voodoo edits which
I never thought of.

Best Regards

--
With kind regards
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key

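The "generate the map using a script" option from the thread, as an added example that is not code from either poster. The login `opuser`, the domain-list file (one domain per line) and the function name are assumptions; keys use the `@domain` form that Postfix looks up after `user@domain`.

```shell
#!/bin/sh
# Added example, not from the thread. "opuser", the file names and the
# function name are assumptions. Input map: one entry per line, no
# continuation lines.

# build_sender_login_map OPLOGIN DOMAINS_FILE EXISTING_MAP
build_sender_login_map() {
    awk -v op="$1" -v domfile="$2" '
        BEGIN {
            # Domain list: one per line, "#" comments allowed, deduplicated.
            while ((getline line < domfile) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                line = tolower(line)
                if (line != "" && !(line in dom)) { dom[line] = 1; order[++n] = line }
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # keep comments and blank lines
        {
            # Postfix stops at the first matching key (user@domain before
            # @domain), so OPLOGIN must be added to every existing entry.
            key = $1; rest = $0
            sub(/^[ \t]*[^ \t]+/, "", rest); gsub(/,/, " ", rest)
            m = split(rest, o, " "); owners = ""; has_op = 0
            for (i = 1; i <= m; i++) {
                if (o[i] == op) has_op = 1
                owners = owners (owners == "" ? "" : ",") o[i]
            }
            if (!has_op) owners = owners (owners == "" ? "" : ",") op
            print key "\t" owners
            if (key ~ /^@/) seen[tolower(substr(key, 2))] = 1
        }
        END {
            # Domain-wide entry for each listed domain that lacks one.
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) print "@" order[i] "\t" op
        }
    ' "$3"
}

# Constructed sample input, used only when the script is called with "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp) && m=$(mktemp) || exit 1
    printf 'example.com\nexample.org\n' > "$d"
    printf 'alice@example.com\tcustomer1\n@example.org\tcustomer2, opuser\n' > "$m"
    build_sender_login_map opuser "$d" "$m"
    rm -f "$d" "$m"
fi
```

The operator login ends up owning only addresses in the listed domains, unlike a catch-all pattern. Rebuild the table with `postmap` after writing the output to the map file.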