Whitelisting authenticated users

Pawel Osiczko p.osiczko@tetrapyloctomy.org
Fri Jun 22 18:38:34 UTC 2007


Sam,

I'm running SSL with SMTP AUTH and DCC and I can successfully bypass
greylisting of the auth-ed sessions. I use standard hackmc mc munging of
my sendmail mc.

I had struggled with the same problem as yours for a while only to find
out that I foolishly used the delay_checks feature in my mc (it's even
explicitly mentioned in the hackmc script in the -T option writeup not
to use FEATURE(`delay_checks')). Once I removed the delay_checks feature
and regenerated sendmail.cf with hackmc, greylisting was not invoked for
auth-ed sessions.

--p

Sam Leffler wrote:
> Vernon Schryver wrote:
>>> From: Daniel V Klein 
>>
>>> I'd like to whitelist any authenticated-user email (they come from all
>>> manner of IP addresses, so they are not necessarily "local").  Is this
>>> possible?
>>
>> You might use `/var/dcc/libexec/hackmc -T` as the text in that shell
>> script says to:
>>
>> #   -T  modify the sendmail rules to trust (whitelist) mail from users
>> #       authenticated with an SMTP AUTH TRUST_AUTH_MECH() mechanism or from
>> #       SMTP clients with certificates verified with START TLS.
>> #       If STMP-AUTH used, TRUST_AUTH_MECH must be set in the .mc file and
>> #       sendmail must be built with SASL or otherwise have working SMTP auth.
>> #       FEATURE(`delay_checks') must NOT be used.
>>
>> It works for me with START TLS, but I've never tried with SMTP AUTH.
>> It should be the same, but I have heard a report from someone who
>> was unable to make it work.
> 
> I've never been able to leverage SMTP AUTH to bypass greylisting w/
> sendmail.  Not sure if that's the intent of the original request.  Some
> folks suggested running sendmail on a separate port w/ a different
> config that required SMTP AUTH and bypassed greylisting in the config
> but I never did that.
>
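
A pre-flight check for the two conditions named in this thread, as an added example that is not part of the original messages or of DCC: it reports whether a sendmail .mc file still has an active FEATURE(`delay_checks') or lacks TRUST_AUTH_MECH() before hackmc -T is run. The function names, exit codes and the sample .mc content are this example's own assumptions.

```shell
#!/bin/sh
# Added example: lint a sendmail .mc file before running hackmc -T.
# active_mc, check_mc and the exit codes are hypothetical, not part of DCC.

# Print the .mc file with m4 "dnl" comments removed (dnl discards the
# rest of the line), so commented-out macros are not counted as active.
active_mc() {
    sed -E 's/(^|[^[:alnum:]_])dnl([^[:alnum:]_].*)?$/\1/' "$1"
}

# Exit status: 0 = usable with hackmc -T
#              1 = FEATURE(`delay_checks') is active
#              2 = no TRUST_AUTH_MECH() (needed when SMTP AUTH is used)
check_mc() {
    mc=$1
    if active_mc "$mc" | grep -Eq 'FEATURE\([[:space:]]*`?delay_checks'; then
        echo "$mc: FEATURE(\`delay_checks') is active; remove it" >&2
        return 1
    fi
    if ! active_mc "$mc" | grep -Eq 'TRUST_AUTH_MECH\('; then
        echo "$mc: TRUST_AUTH_MECH() not set; SMTP AUTH will not be trusted" >&2
        return 2
    fi
    return 0
}

# With a path argument, check that file; otherwise check a constructed sample.
if [ "$#" -gt 0 ]; then
    check_mc "$1"
else
    sample=$(mktemp)
    cat >"$sample" <<'EOF'
dnl constructed sample, not a real site's configuration
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
FEATURE(`delay_checks')dnl
EOF
    check_mc "$sample" || echo "check_mc exit status: $?"
    rm -f "$sample"
fi
```

Run it against the .mc source, fix anything it reports, then regenerate sendmail.cf as described above.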


