nschindler
MIS
Hello,
I manage an open source Sendmail (8.14.4) implementation and I have a new requirement which I believe requires a custom local rule.
Basically we have two user accounts on the system used for AUTHenticated relay. I've been asked to require TLS for one of the two accounts. From what I've read so far about macros, it looks like {auth_authen} stores the user name used in AUTH and {verify} stores status of the client cert used for TLS.
The way I think I have to do this is to create a local rule to check that the user name in {auth_authen} equals the user name we want to require TLS for, and also check that {verify} doesn't equal "NONE". Depending on the results of those evaluations, I can store a string in a new {md_tag} macro and pass that to MIMEDefang, which can either accept or reject the message based on the results. For example, if user2 is required to use TLS, then the logic would be: if {auth_authen} equals "user2" AND {verify} doesn't equal "NONE" then set {md_tag} to "OK".
If possible, I would like assistance in writing the actual Sendmail rule to provide the information I'll need to pass to MIMEDefang. I'm OK with general Sendmail configuration, but writing custom rules is a little daunting and I've never done it before.
As far as I know, there's no way to intercept and evaluate the AUTH after the user name is provided but BEFORE the password is provided to see if a specific user has already enabled TLS. Please correct me if I'm wrong.
Also, I realize there's a general setting to require TLS for all AUTH attempts, but that's not an option at this point.
Thanks in advance,
Nate
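The decision logic described in the post, written as a MIMEDefang filter fragment. This is an added example, not part of the original post and not code from the Sendmail or MIMEDefang projects. It assumes sendmail is configured to hand {auth_authen} and {verify} to the milter and that mimedefang is started with `-a verify` so the macro reaches the filter; `tls_policy_tag` and `%TLS_REQUIRED` are hypothetical names, and "user2" is the post's example account.

```perl
use strict;
use warnings;

# Accounts that may only relay over TLS ("user2" is the post's example name).
my %TLS_REQUIRED = map { $_ => 1 } qw(user2);

# Pure decision function; returns the tag the post calls {md_tag}.
#   $auth   - value of {auth_authen}; undef/empty when the client did not AUTH
#   $verify - value of {verify}; "NONE" means STARTTLS was not performed
sub tls_policy_tag {
    my ($auth, $verify) = @_;
    # Accounts outside the TLS-required set are not affected by this policy.
    return 'OK' unless defined $auth && $TLS_REQUIRED{lc $auth};
    # Fail closed: a macro that never reached the filter counts as "NONE".
    return 'REJECT' if !defined $verify || $verify eq '' || $verify eq 'NONE';
    return 'OK';
}

our %SendmailMacros;    # populated by MIMEDefang, keyed without braces

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    read_commands_file();    # loads %SendmailMacros for this message
    my $tag = tls_policy_tag($SendmailMacros{auth_authen},
                             $SendmailMacros{verify});
    return ('REJECT', 'TLS is required for this account') if $tag eq 'REJECT';
    return ('CONTINUE', 'ok');
}

# Constructed sample values; runs only when the file is executed directly,
# not when MIMEDefang loads it as a filter.
unless (caller) {
    my @cases = (
        [ 'user2', 'NONE' ],   # restricted account, no STARTTLS
        [ 'user2', 'NO'   ],   # restricted account, TLS without client cert
        [ 'user2', undef  ],   # restricted account, macro not passed through
        [ 'user1', 'NONE' ],   # unrestricted account, no STARTTLS
        [ undef,   'NONE' ],   # no AUTH at all
    );
    for my $c (@cases) {
        printf "%-6s %-5s -> %s\n", $c->[0] // '-', $c->[1] // '-',
            tls_policy_tag(@$c);
    }
}

1;
```

Because AUTH has already completed by the time MAIL FROM is evaluated, this check can only refuse the message; it cannot prevent the credentials from having been sent over an unencrypted session.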