Local_check_relay and check_relay
V8.8 sendmail supports two
mechanisms for screening incoming SMTP connections.
One is the libwrap.a mechanism,
and the other is the check_relay rule set. V8.9
sendmail added a third
mechanism, the access database
(The access Database on page
277).
The Local_check_relay rule set provides a
hook into the check_relay rule set, which is used to
screen incoming network connections and accept or
reject them based on the hostname, domain, or IP
address. It is called just before the
libwrap.a code and can be
used even if that code was omitted from your release
of sendmail. Note that the
check_relay
rule set is not called if
sendmail was run with the
-bs
command-line switch (-bs on page
236).
The check_relay
rule set is called with a workspace that looks like
this:
host $| IPaddress
The hostname and IP address are separated by the
$| operator.
The host is the
fully qualified canonical name of the connecting
host. The IPaddress is the IP address of that
host in dotted-quad form without surrounding square
brackets, or the IPv6 address prefixed with a
literal IPv6:.
Note that if you also declare the FEATURE(use_client_ptr)
(FEATURE(use_client_ptr)—V8.13 and Later on page 297), the value from the ${client_ptr} macro
(${client_ptr} on page 813) will be used in place of the
IPaddress.
By default, the check_relay rule set allows all
connections. This behavior can be overridden or
enforced in the access database
by prefixing leftmost keys with a literal Connect: (Finer ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
