white lists

Vernon Schryver vjs@calcite.rhyolite.com
Sat Apr 20 21:10:34 UTC 2002

> From: "Mark Motley" <mark@motleynet.com>

> For those who use it.  In my case, sendmail is merely a gateway for an
> Exchange environment.  There are no local accounts on the sendmail box at
> all, instead mailertables and virtusertables simply forward mail via
> SMTP to where it needs to go.  I'm not sure how one would use procmail
> in this environment.

Modern sendmail can use a procmail "mailer."  I've not looked at it at
all, but I assume you could use something like `procmail $u/.procmailrc`
to pick a unique procmail control file for each user.

I think this would require entries in /etc/passwd for all valid users
on the sendmail machine, but they would not need to be real shell
accounts that could be (ab)used.

> Perhaps I don't fully understand whitelists yet (there seems to be a lot
> of that going around), but the thought behind my comments was more of
> not having to match the entire From: header EXACTLY.  In other words, if
> I'm whitelisting messages from "Joe Smith <joe@smith.com>", I'd much
> rather put "joe@smith.com" in my whitelist rather than the entire
> address.  This would also help with whitelisting mailing lists and the
> like.

That would be useful, but then other people would point out the hassles
of dealing with "From: 12345667890asdfghkjkl@whatever.example.com"
and urge being able to ignore the username.  Then others would point
out that vjs@calcite.rhyolite.com is the same as vjs@rhyolite.com so
why not be a little smarter.  Then still others would mention that
example.com and example.net are often the same.  And so on until you
either have full extended regular expressions or you have drawn the
line short of them.

Every time someone says that procmail is a bad thing, I wonder how
a DCC client crossed with procmail could avoid being worse.

Vernon Schryver    vjs@rhyolite.com
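
The matching levels discussed in this message, as an added example that is not part of the original post and is not DCC, sendmail or procmail code. The function names, the `@domain` entry syntax and the level names are assumptions made for the illustration; the sample headers are built from the addresses quoted above.

```python
from email.utils import parseaddr

def addr_of(from_header):
    """Return the lowercased addr-spec of a From: header value, or ''."""
    return parseaddr(from_header)[1].lower()

def match_level(from_header, entry):
    """Return the strictest level at which a whitelist entry matches.

    'header'  : entry equals the whole From: value exactly
    'address' : entry equals the addr-spec, display name ignored
    'domain'  : entry is '@domain', username ignored
    'parent'  : entry is '@domain' and the sender host is a subdomain of it
    None      : no match (e.g. example.com vs example.net, where this
                sketch draws the line short of regular expressions)
    """
    if from_header.strip() == entry.strip():
        return "header"
    addr = addr_of(from_header)
    if "@" not in addr:
        return None
    entry = entry.strip().lower()
    if addr == entry:
        return "address"
    if entry.startswith("@"):
        host = addr.rsplit("@", 1)[1]
        want = entry[1:]
        if host == want:
            return "domain"
        if host.endswith("." + want):
            return "parent"
    return None

# Constructed (From: value, whitelist entry) pairs using addresses from the message.
SAMPLES = [
    ("Joe Smith <joe@smith.com>", "Joe Smith <joe@smith.com>"),
    ("Joe Smith <joe@smith.com>", "joe@smith.com"),
    ("12345667890asdfghkjkl@whatever.example.com", "@whatever.example.com"),
    ("vjs@calcite.rhyolite.com", "@rhyolite.com"),
    ("someone@example.net", "@example.com"),
]

if __name__ == "__main__":
    for header, entry in SAMPLES:
        print(f"{header!r:50} vs {entry!r:30} -> {match_level(header, entry)}")
```

Each level past "header" accepts more senders per entry, and every level relies on a From: value that the sender supplies.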

