Recipe 3.7 Relaying Mail for Individual Hosts

Problem

You have been asked to configure a mail relay host to relay mail for specific hosts but not for every host within a domain.

Solution

On the mail relay host, create a relay-domains file that contains the name of each host for which mail should be relayed.

Add the relay_hosts_only feature to the sendmail configuration on the mail relay host. Here is the required FEATURE command:

 dnl Configure the server to relay mail for specific hosts FEATURE(`relay_hosts_only')

Then build sendmail.cf , copy it to /etc/mail, and restart sendmail, as described in Recipe 1.8.

Discussion

On our sample mail relay host, we create the following relay-domains file:

 #  cat > /etc/mail/relay-domains   rodent.wrotethebook.com   horseshoe.wrotethebook.com   jamis.wrotethebook.com   tcp.ora.com   chill.sybex.com   wrotethebook.com   Ctrl-D

A sendmail -bt test shows the values stored in class $=R :

 #  sendmail -bt  ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> >  $=R  tcp.ora.com rodent.wrotethebook.com chill.sybex.com jamis.wrotethebook.com horseshoe.wrotethebook.com wrotethebook.com >  /quit

Normally, values in class $=R are interpreted as domain names , and any host within a domain listed in class $=R is allowed to relay mail through the server. Recipe 3.6 uses this fact to relay mail for entire domains. In this case, however, we want wrotethebook.com interpreted as a hostname, not a domain name, and we want mail routed for that host.

The relay_hosts_only feature changes how the entries in class $=R are used. In the default configuration, pattern matches against class $=R contain the string $*$=R , which matches zero or more tokens and any value stored in $=R . Thus wrotethebook.com , crab.wrotethebook.com , and fun.rodent.wrotethebook.com would all pattern match the wrotethebook.com value found in the class $=R array shown above. The relay_hosts_only feature changes the string in the pattern match to $=R , meaning that only exact matches of values found in class $=R are valid matches. When relay_hosts_only is used with our sample class $=R values, rodent.wrotethebook.com matches the pattern because rodent.wrotethebook.com is included in $=R ; however, crab.wrotethebook.com does not match ”even though the value wrotethebook.com appears in the array. Only a host named wrotethebook.com would match that specific value when relay_hosts_only is used.

A couple of tests demonstrate the impact of the relay_hosts_only feature. A telnet test from rodent shows that smtp is configured to allow relaying for rodent :

 $  telnet smtp.wrotethebook.com smtp  Trying 192.168.0.8... Connected to 192.168.0.8. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 15:36:52 - 0400  HELO rodent.wrotethebook.com  250 smtp.wrotethebook.com Hello rodent.wrotethebook.com [192.168.0.3], pleased to  meet you  MAIL From:<craig@rodent.wrotethebook.com>  250 2.1.0 craig@rodent.wrotethebook.com... Sender ok  RCPT To:<tyler@example.com>  250 2.1.5 tyler@example.com... Recipient ok  QUIT  221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host.

The same test run from crab shows that crab is not allowed to relay through smtp :

 #  telnet smtp.wrotethebook.com smtp  Trying 192.168.0.8... Connected to 192.168.0.8. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 20:43:11 - 0400  HELO crab.wrotethebook.com  250 smtp.wrotethebook.com Hello crab.wrotethebook.com [192.168.0.15], pleased to  meet  you  MAIL From:<craig@crab.wrotethebook.com>  250 2.1.0 craig@crab.wrotethebook.com... Sender ok  RCPT To:<tyler@example.com>  550 5.7.1 tyler@example.com... Relaying denied  QUIT  221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host.

One final test from crab shows the full impact of class $=R on relaying:

 $  telnet smtp.wrotethebook.com smtp  Trying 192.168.0.8... Connected to smtp. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 14:20:16 - 0400  HELO crab.wrotethebook.com  250 smtp.wrotethebook.com Hello crab.wrotethebook.com [192.168.0.3], pleased to meet  you  MAIL From:<craig@crab.wrotethebook.com>  250 2.1.0 craig@crab.wrotethebook.com... Sender ok  RCPT To:<kathy@rodent.wrotethebook.com>  250 2.1.5 kathy@rodent.wrotethebook.com... Recipient ok  QUIT  221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host.

In this case, crab successfully relays mail through smtp . If either the sending host or the recipient host is listed in class $=R , the mail is accepted for relaying. Therefore, mail sent from crab to rodent is accepted for relaying, even though crab is not granted relaying privileges, because rodent is allowed to relay and rodent is the destination of this piece of mail.

Recipe 3.7 Relaying Mail for Individual Hosts