[comp.mail.sendmail] UK-Sendmail Authorisation program

jonathan@cs.keele.ac.uk (Jonathan Knight) (02/07/89)

Hi there.  Well, I now have UK-2.1 up and running thanks to Jem Taylor.  Now
I have a little problem.  We run as a multi-host site.  Students are banished
to a machine which is on our ethernet while the staff and postgrads get to
use a machine on the same ethernet with an X25 board.  Now I'd like the
students to be able to mail the staff, but I would also like to stop
them mailing to the USA.  JANET access for the students is not vital as they
can use a different machine to get to it.

The authorise program seemed ideal, but I don't want to have to place
each and every students login name into /usr/lib/authorisations to
explicitly ban them.  I also want to avoid placing all the staff in here
as well.  Ideally I'd like to be able to ban any mail from the student
machine which is aimed at passing THROUGH a gateway.  I don't mind
them mailing someone AT the gateway, I just don't want stuff going
through it.

Authorise doesn't get to know where the mail is comming from as by the
time it gets the 'sender', its already been set up for the multi-host
option.  Is there anyway setting up authorise so it knows where the
mail came from in a multi-host environment, and is there anyway of
stopping mail addresses like this "jon%daisy.cmu.edu@ukc" but allowing
mail like this "jon@ukc"?

  ______    JANET :jonathan@uk.ac.keele.cs     Jonathan Knight,
    /       BITNET:jonathan%cs.kl.ac.uk@ukacrl Department of Computer Science
   / _   __ other :jonathan@cs.keele.ac.uk     University of Keele, Keele,
(_/ (_) / / UUCP  :...!ukc!kl-cs!jonathan      Staffordshire.  ST5 5BG.  U.K.

jac@doc.ic.ac.uk (Jim Crammond) (02/09/89)

|Ideally I'd like to be able to ban any mail from the student machine
|Is there anyway setting up authorise so it knows where the
|mail came from in a multi-host environment?

The answer to this one is yes!

By default the authorise program receives "$g" as the from address from
sendmail. If instead you change this to "$s" - i.e. the sender domain
(which includes the actual host) then you can authorise on that.

So, you could put something in your localise.sh such as:

	ed mailers.m4 <<'EOF'
	/authorise janet/s/$g/$s/
	w
	q
	EOF


-Jim.