Re: Access control for services

Jan-Piet Mens wrote:

> Sendmail may be a bigger problem. Just thinking out loud here: if
> sendmail would recognize a user as being local when using nss_ldap
> then you could easily hack nss_ldap to use an appropriate filter.

You'd better use the LDAPRouting feature that is built into sendmail >=8.10.
You need to populate the DS with inetLocalMailRecipient-like attributes,
that is a local mail address, a mail routing address and/or a mail host
(you should check the sendmail-cf/cf/README file for details).
Then all you need to do, in compiling your sendmail.cf file from m4 macros,
is to tell LDAPRouting to bounce local mail that cannot be looked up
properly, and tailor the filter of the mail host/mail routing address
in the related ldap maps to discard people with undesired attributes.
There are plenty of examples in sendmail's documentation; in case of trouble,
you should check the comp.mail.sendmail newsgroup, where the topic has been
largely debated.

Bye, Pierangelo.
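
A sketch of the .mc settings the message above describes, as an added example that is not part of the original post or of sendmail's own documentation. The LDAP host, base DN, mail domain and the accountStatus attribute are assumptions; the three FEATURE arguments are the mail host map, the mail routing address map and the bounce setting.

```m4
dnl Constructed example. Assumed values: ldap.example.com, dc=example,dc=com,
dnl example.com, and the accountStatus attribute (substitute whatever
dnl attribute marks the entries that must not receive mail).
dnl
dnl Default LDAP server and search base used by the ldap maps below.
define(`confLDAP_DEFAULT_SPEC', `-h ldap.example.com -b dc=example,dc=com')dnl
dnl
dnl Domain whose recipients are looked up through LDAP routing.
LDAPROUTE_DOMAIN(`example.com')dnl
dnl
dnl Arg 1: mail host map. Arg 2: mail routing address map.
dnl Both filters carry an extra clause so that entries with the
dnl undesired attribute value are not found at all.
dnl Arg 3: `bounce' rejects addresses in the domain that return no
dnl result, instead of passing them through to local delivery.
FEATURE(`ldap_routing',
  `ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0)(!(accountStatus=disabled)))',
  `ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0)(!(accountStatus=disabled)))',
  `bounce')dnl
```

Because both lookups fail for a filtered entry, that entry is handled like an unknown address and bounced, so the exclusion is enforced at SMTP time rather than after delivery.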

