SunScreen 3.1 Administration Guide

SMTP Proxy Service


Note -

User authentication does not apply.


To Set Up the SunScreen Environment
  1. Configure addresses and rules for the DNS servers and address(es) for the SMTP server(s) as follows (the proxy needs DNS access to reverse-translate the addresses of connecting hosts):


    ssadm edit Initial
    edit> add Address dns0 HOST 1.2.3.4
    edit> add Address dns1 HOST 1.2.3.5
    edit> add Address dns-servers GROUP { dns0 dns1 } { }
    edit> add Address smtp-server HOST ...
    edit> add Rule dns localhost dns-servers ALLOW
    

  2. Test Spam filtering:


    edit> add Rule smtp "*" smtp-server ALLOW PROXY_SMTP RELAY
    (The RELAY keyword allows mail from any address to any inbound mailbox, with no relay checking.)
    edit> save
    

  3. Type the following to create a basic mail spam list (a list of domains and/or addresses which won't be allowed to send mail):


    ssadm edit Initial mail_spam add spam.com
    ssadm edit Initial mail_spam add 0.0.0.0..255.255.255.255
    

  4. Type the following to activate the configuration:


    ssadm activate Initial
    

    This refuses mail from any named host in spam.com, from any host which has an unregistered address (no reverse-translated name), and from any originator name (in the MAIL FROM: command) within spam.com.

  5. Connection from an unregistered host, or from a registered host under the domain spam.com:


    % telnet efs 25
    Trying 1.2.3.4...
    Connected to efs
    Escape character is '^]'.
    455 Smells like ... bacon ... no, spam!
    Connection closed by foreign host.

    The reverse-translated name (or lack thereof) has determined the originator is a spammer.

  6. Connection from a registered host not under the domain spam.com:


    % telnet efs 25
    Trying 1.2.3.4...
    Connected to efs
    Escape character is '^]'.
    220 efs ESMTP Sendmail 8.7.4/8.7.3; Thu, 11 Mar 1999 19:34:40 -0800 (PST)
    helo me.com
    250 efs Hello me.com [3.4.5.6], pleased to meet you
    mail from: elvis-lives@spam.com
    455 Smells like ... bacon ... no, spam!
    Connection closed by foreign host.

    Connection aborted because the originating user was determined to be a spammer. An alternate syntax for the mailbox is: <elvis-lives@spam.com>.

  7. Test relay blocking:

    Type the following to replace the previous rule with one that checks relaying (the RELAY keyword is omitted):


    edit> add Rule smtp "*" smtp-server ALLOW PROXY_SMTP
    

    Without the RELAY keyword, the proxy checks every RCPT TO: recipient against the mail_relay list, so only configured domains are allowed in inbound mailbox names.

  8. Type the following to create a basic mail relay list (a list of domains and/or hosts which will/will not be allowed as recipient):


    ssadm edit Initial mail_relay add good.org
    ssadm edit Initial mail_relay add !too.good.org
    ssadm edit Initial mail_relay add !too-mailer
    ssadm edit Initial mail_relay add plenty.org
    

    The ! prefix indicates that the domain or host is not to be allowed; if you are using csh, remember to escape the !, as it is a shell meta-character.

    Relay processing first compares the recipient domain(s) to the NOT entries (those beginning with !); if the recipient is found there, the message is refused.

    Second, the recipient domain(s) are compared to the list of OK domains (entries without a leading !); if found, the recipient is allowed. Because the NOT entries are checked first, a recipient such as bad4@too.good.org is refused even though too.good.org lies inside the allowed domain good.org.

  9. Activate the configuration.

    This refuses mail to any mailbox in the subdomain too.good.org or for the host too-mailer, but accepts messages bound for any mailbox in other parts of good.org, or any mailbox in plenty.org (from RCPT TO: command).

  10. Mail for allowed recipients, ending in one which will not be relayed-to:


    % telnet efs 25
    Trying 1.2.3.4...
    Connected to efs
    Escape character is '^]'.
    220 efs ESMTP Sendmail 8.7.4/8.7.3; Thu, 11 Mar 1999 19:34:40 -0800 (PST)
    helo me.com
    250 efs Hello me.com [3.4.5.6], pleased to meet you
    mail from: me@me.com
    250 me@me.com... Sender ok
    rcpt to: <johnny.b@good.org>
    250 Recipient ok
    rcpt to: extra@extra@good.org
    250 Recipient ok
    rcpt to: <chinz@plenty.org>
    250 Recipient ok
    rcpt to: but.not@too.good.org
    454 Relay refused
    Connection closed by foreign host.

    Connection aborted because the recipient would require a forbidden relay operation.

    Other examples of relay addresses which will not be allowed are:

    • bad1@too-mailer

    • bad2@too-mailer@good.org

    • bad3@too.good.org@good.org

    • @good.org,bad4@too.good.org

    • @too.good.org,bad5@ok.good.org

    Note that the last two bullet items are examples of older, ARPANET-style source-route naming; most modern sendmails are not configured to accept them, regardless of whether or not they pass the relay filtering.

    Also note that mailbox names surrounded by <> are treated as if the <> were not present.

  11. Test default relay:

    If there is no configured relay list, the domain name of the SunScreen host itself is used as the allowed domain. For example, if the SunScreen host's name is host.domain.com, relay checking behaves as if the following command had been configured as the entire relay list:


    ssadm edit Initial mail_relay add domain.com
    

  12. Mail which actually gets through:


    % telnet efs 25
    Trying 1.2.3.4...
    Connected to efs
    Escape character is '^]'.
    220 efs ESMTP Sendmail 8.7.4/8.7.3; Thu, 11 Mar 1999 19:34:40 -0800 (PST)
    helo me.com
    250 efs Hello me.com [3.4.5.6], pleased to meet you
    mail from: me@me.com
    250 me@me.com... Sender ok
    rcpt to: you@good.com
    250 Recipient ok
    rcpt to: really@really.good.org
    250 Recipient ok
    rcpt to: i-got@plenty.org
    250 Recipient ok
    rcpt to: good@and.plenty.org
    250 Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    Subject: I Love Candy

    I really, really love good candy ... yummm!  Send me some!
    .
    250 UAA01234 Message accepted for delivery
    quit
    221 efs closing connection
    Connection closed by foreign host.

    After the . (ending the message data), the proxy (and mailer) return to the state where they expect the next message (starting with a MAIL FROM: command).
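    The spam and relay decisions exercised in steps 3 through 11, as an added example that is not part of the original guide and is not SunScreen code: a Python model of the mail_spam and mail_relay checks, applied to the addresses used above. The 455 and 454 reply strings are taken from the transcripts. Everything else is an assumption of this example: the function names, the treatment of address-range entries as applying only to peers without a reverse-translated name, the refusal of recipients that match neither list, and the use of the first label of the SunScreen host's name as the boundary of its default domain.

```python
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple

# Reply texts as they appear in the guide's telnet transcripts.
SPAM_REFUSED = "455 Smells like ... bacon ... no, spam!"
RELAY_REFUSED = "454 Relay refused"


def in_domain(name: str, domain: str) -> bool:
    """True if name is domain itself or a host inside it (label-aligned:
    ok.good.org is in good.org, notgood.org is not)."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def address_domains(mailbox: str) -> List[str]:
    """Every host/domain named in a MAIL FROM / RCPT TO argument: optional <>,
    nested '@' (a@b@c) and ARPANET source routes ('@hop,user@dom' as the guide
    writes them, or the RFC 821 '@hop1,@hop2:user@dom')."""
    s = mailbox.strip()
    if s.startswith("<") and s.endswith(">"):      # <> is ignored, as in the guide
        s = s[1:-1]
    hops: List[str] = []
    while s.startswith("@"):                        # peel source-route hops
        m = re.match(r"@([^,:]+)[,:]", s)
        if not m:
            break
        hops.append(m.group(1))
        s = s[m.end():]
    hops.extend(s.split("@")[1:])                   # 'a@b@c' -> ['b', 'c']
    return [h for h in hops if h]


def parse_spam_list(entries: Iterable[str]) -> Tuple[List[str], List[Tuple[int, int]]]:
    """Split mail_spam entries into domain names and a.b.c.d..e.f.g.h ranges."""
    domains: List[str] = []
    ranges: List[Tuple[int, int]] = []
    for e in entries:
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.\d+)\.\.(\d+\.\d+\.\d+\.\d+)", e)
        if m:
            lo, hi = (int(ipaddress.IPv4Address(x)) for x in m.groups())
            ranges.append((lo, hi))
        else:
            domains.append(e)
    return domains, ranges


def spam_check(peer_ip: str, reverse_name: Optional[str], mail_from: Optional[str],
               spam_list: Iterable[str]) -> Optional[str]:
    """Return the 455 refusal, or None if the peer and sender pass.
    reverse_name is the peer's reverse-translated name (None = unregistered).
    ASSUMED: address-range entries apply to unregistered peers only, which is how
    0.0.0.0..255.255.255.255 refuses every host lacking a reverse name."""
    domains, ranges = parse_spam_list(spam_list)
    if reverse_name is None:
        ip = int(ipaddress.IPv4Address(peer_ip))
        if any(lo <= ip <= hi for lo, hi in ranges):
            return SPAM_REFUSED
    elif any(in_domain(reverse_name, d) for d in domains):
        return SPAM_REFUSED
    if mail_from is not None:                       # MAIL FROM: originator name
        if any(in_domain(h, d) for h in address_domains(mail_from) for d in domains):
            return SPAM_REFUSED
    return None


def relay_check(rcpt_to: str, relay_list: Iterable[str], screen_name: str) -> Optional[str]:
    """Return '454 Relay refused', or None if the recipient may be relayed to.
    Order follows the guide: '!' entries first (any hit refuses), then plain
    entries (any hit allows); an empty list means the SunScreen host's own domain.
    ASSUMED: a recipient matching neither list is refused."""
    entries = list(relay_list) or [screen_name.partition(".")[2] or screen_name]
    denied = [e[1:] for e in entries if e.startswith("!")]
    allowed = [e for e in entries if not e.startswith("!")]
    hosts = address_domains(rcpt_to)
    if any(in_domain(h, d) for h in hosts for d in denied):
        return RELAY_REFUSED
    if any(in_domain(h, d) for h in hosts for d in allowed):
        return None
    return RELAY_REFUSED


def rcpt_replies(rcpts: Iterable[str], relay_list: Iterable[str], screen_name: str) -> List[str]:
    """Reply to each RCPT TO in turn; the proxy drops the connection on the first refusal."""
    replies: List[str] = []
    for r in rcpts:
        verdict = relay_check(r, relay_list, screen_name)
        replies.append(verdict or "250 Recipient ok")
        if verdict:
            break
    return replies
```

    Feeding the step 10 recipients to rcpt_replies with the step 8 list (["good.org", "!too.good.org", "!too-mailer", "plenty.org"]) reproduces the transcript: three "250 Recipient ok" replies and then "454 Relay refused" for but.not@too.good.org, after which nothing further is processed. The source-route and nested-@ forms in the bullet list are all refused because too-mailer or too.good.org appears somewhere in the address and the NOT entries are consulted first.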


    Note -

    Backslash \ and end of line denote command line continuation.