Hi everyone,
i need to setup my mapping table in order to deny access to any ip address configured in dispatcher for every sender that is on local domain.
If i set the rule for a specific local domain as follow it works fine, but i can't build a dynamic rule to search local domains on the LDAP Server.
tcp_local|*@localdomain1.com|*|*$NSender$ access$ rejected
Any ideas?
thank's in advance!
Let's back up, and try to figure out what it is you're really trying to do. I don't understand your first sentance. . ..
Better to tell me what you're trying to do, rather than how you're trying to do it.
What ip addresses are you trying to block? For what result? Are you trying to blacklist some servers, or what?
Let me explain to you what i'm trying to do!
i've two ip addresses configured inside dispatcher.cnf, the first one is the MX record and the second one (musttls and mustsasl) is where clients (MUA) are supposed to connect to send mail.
I need to setup a rule inside mappings to avoid user can send mail locally, using as sender a local sender and as the smtp server the mx record instead of the other ip address with sasl .
The rule i described in the first post, works fine but every time i'll add a domain i'll have to add a rule , so i'm tryng to obtain the same goal using ldap to select local domain instead of to write them every time by hand inside a new rule.
Sorry for my english i know it's not so good!!!
Bye
I think what you're looking for is the hard way.
Why does it really matter if your users hit the wrong interface? I'm not at all sure what you are after, here, in any case.
There really isn't all that much advantage in having the two ip addresses.
You can already require authentication for your users, by ip range.
Topic is not what i'm trying to do and why , but if is possible to write an access rule under mappings table orig_send_access which deny access to every user incomig from tcp_custom channel and using a user of a local domain as sender.
As i said before if i use a rule like this:
tcp_custom|*@localdomain.com|*|*$NNot$ allowed
It works fine, but the problem is that for each new local domain I add, I have to add a new rule, so it would be more simple to write just on rule which select local domains from LDAP.
I hope to have explained my goal!
regards!!
Caius
Hi,
> tcp_custom|*@localdomain.com|*|*$NNot$
> allowed
>
> It works fine, but the problem is that for each new
> local domain I add, I have to add a new rule, so it
> would be more simple to write just on rule which
> select local domains from LDAP.
If all of the domains are local, then they should be all going to the same outgoing channel correct? If that is the case, why don't you do the following:
tcp_custom|*|tcp_intranet|* $NNot$ allowed
tcp_custom|*|ims-ms|* $NNot$ allowed
That way as soon as you add a new domain, the emails will be routed to either tcp_intranet (if on another host) or ims-ms (if hosted locally) and therefore fail. Any emails destined for some other external domain should be routed via tcp_local and succeed.
Regards,
Shane.
First of all, thank's for your reply.
Well as i explained i need to deny acces just to user which set a local user as sender and not to all user.
As you can see in my previous post, the rule i defined in orig_send_access look for sender domain , i need to check the just the sender domain and deny access if the domain is a local domain.
Regards
Caius
