Recipe 3.7 Relaying Mail for Individual HostsProblemYou have been asked to configure a mail relay host to relay mail for specific hosts but not for every host within a domain. SolutionOn the mail relay host, create a relay-domains file that contains the name of each host for which mail should be relayed. Add the relay_hosts_only feature to the sendmail configuration on the mail relay host. Here is the required FEATURE command: dnl Configure the server to relay mail for specific hosts FEATURE(`relay_hosts_only') Then build sendmail.cf , copy it to /etc/mail, and restart sendmail, as described in Recipe 1.8. DiscussionOn our sample mail relay host, we create the following relay-domains file: # cat > /etc/mail/relay-domains rodent.wrotethebook.com horseshoe.wrotethebook.com jamis.wrotethebook.com tcp.ora.com chill.sybex.com wrotethebook.com Ctrl-D A sendmail -bt test shows the values stored in class $=R : # sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > $=R tcp.ora.com rodent.wrotethebook.com chill.sybex.com jamis.wrotethebook.com horseshoe.wrotethebook.com wrotethebook.com > /quit Normally, values in class $=R are interpreted as domain names , and any host within a domain listed in class $=R is allowed to relay mail through the server. Recipe 3.6 uses this fact to relay mail for entire domains. In this case, however, we want wrotethebook.com interpreted as a hostname, not a domain name, and we want mail routed for that host. The relay_hosts_only feature changes how the entries in class $=R are used. In the default configuration, pattern matches against class $=R contain the string $*$=R , which matches zero or more tokens and any value stored in $=R . Thus wrotethebook.com , crab.wrotethebook.com , and fun.rodent.wrotethebook.com would all pattern match the wrotethebook.com value found in the class $=R array shown above. The relay_hosts_only feature changes the string in the pattern match to $=R , meaning that only exact matches of values found in class $=R are valid matches. When relay_hosts_only is used with our sample class $=R values, rodent.wrotethebook.com matches the pattern because rodent.wrotethebook.com is included in $=R ; however, crab.wrotethebook.com does not match ”even though the value wrotethebook.com appears in the array. Only a host named wrotethebook.com would match that specific value when relay_hosts_only is used. A couple of tests demonstrate the impact of the relay_hosts_only feature. A telnet test from rodent shows that smtp is configured to allow relaying for rodent : $ telnet smtp.wrotethebook.com smtp Trying 192.168.0.8... Connected to 192.168.0.8. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 15:36:52 - 0400 HELO rodent.wrotethebook.com 250 smtp.wrotethebook.com Hello rodent.wrotethebook.com [192.168.0.3], pleased to meet you MAIL From:<craig@rodent.wrotethebook.com> 250 2.1.0 craig@rodent.wrotethebook.com... Sender ok RCPT To:<tyler@example.com> 250 2.1.5 tyler@example.com... Recipient ok QUIT 221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host. The same test run from crab shows that crab is not allowed to relay through smtp : # telnet smtp.wrotethebook.com smtp Trying 192.168.0.8... Connected to 192.168.0.8. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 20:43:11 - 0400 HELO crab.wrotethebook.com 250 smtp.wrotethebook.com Hello crab.wrotethebook.com [192.168.0.15], pleased to meet you MAIL From:<craig@crab.wrotethebook.com> 250 2.1.0 craig@crab.wrotethebook.com... Sender ok RCPT To:<tyler@example.com> 550 5.7.1 tyler@example.com... Relaying denied QUIT 221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host. One final test from crab shows the full impact of class $=R on relaying: $ telnet smtp.wrotethebook.com smtp Trying 192.168.0.8... Connected to smtp. Escape character is '^]'. 220 smtp.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 15 Aug 2003 14:20:16 - 0400 HELO crab.wrotethebook.com 250 smtp.wrotethebook.com Hello crab.wrotethebook.com [192.168.0.3], pleased to meet you MAIL From:<craig@crab.wrotethebook.com> 250 2.1.0 craig@crab.wrotethebook.com... Sender ok RCPT To:<kathy@rodent.wrotethebook.com> 250 2.1.5 kathy@rodent.wrotethebook.com... Recipient ok QUIT 221 2.0.0 smtp.wrotethebook.com closing connection Connection closed by foreign host. In this case, crab successfully relays mail through smtp . If either the sending host or the recipient host is listed in class $=R , the mail is accepted for relaying. Therefore, mail sent from crab to rodent is accepted for relaying, even though crab is not granted relaying privileges, because rodent is allowed to relay and rodent is the destination of this piece of mail. See AlsoSection 7.4.6 in the sendmail book covers the relay_hosts_only feature. Recipe 3.6 and Recipe 3.8 provide solutions to similar problems that may also need to be evaluated. |