[Gllug] Sendmail, Firewalls, SSL...

Mike Brodbelt mike at coruscant.demon.co.uk
Fri Jun 28 13:41:48 UTC 2002


On Wed, 2002-06-26 at 13:10, Formi wrote:
> On 26 Jun 2002, Mike Brodbelt wrote:
> 
> > >  I want to be able to have the mail passed through procmail, 
> > >  but only for my domains and the server's owner accounts. 
> > >  Not the normal POP3 users. Is that possible?
> > 
> > What's the IMAP server? You can do this, but how will depend partly on
> > the IMAP server.
> 
>  It's the standard rh one, the UW Imap. 

Can't you just use procmail as the local delivery agent then? Just make
sure the normal pop3 guys don't have .procmailrc files.
 
> > The way I'd do it would be to have a class defined in your sendmail.cf
> > that maps to a hash map, and then populate that with a list of the
> > domains you want procmail processing for. You can then have sendmail
> > select procmail as the local delivery agent for those addresses. It's
> > then procmail's job to perform final delivery. This may involve procmail
> > invoking yet another helper program to perform final delivery, if the
> > IMAP server uses a mailstore format that procmail doesn't understand
> > (i.e. cyrus).
> 
> 
> Could you provide an example?

Ok, you can define your procmail domains in a flat file like so:-

F{Procmail_domains}/etc/mail/procmail_domains

which is probably better than a hash map, thinking about it, as you're
not storing key/value pairs.

You'd then have a normal local mailer definition, and a procmail mailer
definition. You then need to add logic to ruleset 0 to select the
procmail mailer if the domain part of the address is in the
Procmail_domains class. I've got no idea what RedHat supply as a
sendmail.cf these days, and if you're going to do this you should be
generating your own cf file from scratch. First make sure it works, then
add your own custom rules. You do this by adding:-

LOCAL_RULE_0

to your mc file, and then adding rules directly after that, which get
incorporated into the sendmail.cf that gets built. You'd need to test
the domain part against $={Procmail_domains} and select your mailer
based on that.
 
> > It's telling you the common name presented in the IMAPS server's
> > certificate did not match the DNS name of the machine. You'll probably
> > need to regenerate the SSL cert to fix this. If it's a commercially
> > signed cert, this may cost....
> 
> 
>  I guessed that one myself, I suppose I will have to find out how to
>  create those certificates.
> 
>  They are personal sites, at least the ones I want ssl for.
> 
>  I suppose I should have made myself clear, I'm being lazy and asking
>  for the actual "implementation", like 
> 
>  type "ssl -c new.certificate"       # just an example.

Ah.

You have two options - either use self-signed certs, or create a CA
yourself, and use that to sign all your certs. The latter is more work,
but you can import the CA public key into your browsers, and then you
never have to wade through the annoying security dialog boxes about
self-signed certs in future.

Go to www.modssl.org, and in the Documentation/FAQ area you'll find
detailed instructions on creating your own keys, certificate requests,
CA's, and suchlike.

Mike.
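
The private-CA option described above, as an added example that is not part of the original post: it creates a CA, signs a server certificate whose common name is the DNS name clients connect to, and then checks the name match that the IMAPS client complained about. The host name `mail.example.org` and the subject strings are constructed placeholders; the subjectAltName entry is added because current clients match on it rather than on the CN alone.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for one DNS name.
# All names and subjects below are constructed placeholders.
umask 077   # private keys are written unencrypted; keep them owner-only

make_ca() {   # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/O=Example Personal CA/CN=Example Personal Root" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = work dir, $2 = DNS name clients connect to
    # The CN (and the SAN) must be the name users type into the mail
    # client, not the machine's internal host name.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

chains_to_ca() {   # $1 = CA cert, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

cert_matches_host() {   # $1 = server cert, $2 = name the client will use
    # -checkhost reports the result in its output, so test the text.
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Stand-alone run in a scratch directory.
dir=$(mktemp -d) &&
make_ca "$dir" &&
make_server_cert "$dir" mail.example.org &&
chains_to_ca "$dir/ca.crt" "$dir/server.crt" &&
cert_matches_host "$dir/server.crt" mail.example.org &&
echo "server.crt chains to ca.crt and matches mail.example.org"
rm -rf "$dir"
```

Only `ca.crt` is imported into clients; `ca.key` stays off the mail server.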


