From owner-freebsd-questions@FreeBSD.ORG Mon May 19 18:54:23 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80CD2106564A for ; Mon, 19 May 2008 18:54:23 +0000 (UTC) (envelope-from dkelly@Grumpy.DynDNS.org) Received: from smtp.knology.net (smtp.knology.net [24.214.63.101]) by mx1.freebsd.org (Postfix) with ESMTP id 0E5918FC23 for ; Mon, 19 May 2008 18:54:22 +0000 (UTC) (envelope-from dkelly@Grumpy.DynDNS.org) Received: (qmail 3076 invoked by uid 0); 19 May 2008 18:54:20 -0000 Received: from unknown (HELO Grumpy.DynDNS.org) (216.186.148.249) by smtp8.knology.net with SMTP; 19 May 2008 18:54:20 -0000 Received: by Grumpy.DynDNS.org (Postfix, from userid 928) id 1D8DD28429; Mon, 19 May 2008 13:54:20 -0500 (CDT) Date: Mon, 19 May 2008 13:54:20 -0500 From: David Kelly To: brad davison Message-ID: <20080519185420.GA17546@Grumpy.DynDNS.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i Cc: freebsd-questions@freebsd.org Subject: Re: Lock down the all-staff email list? sendmail, alias, majordomo? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2008 18:54:23 -0000 On Mon, May 19, 2008 at 03:23:30PM +0000, brad davison wrote: > > Our company has a sendmail server 8.13.8 running on FBSD 6.2 with > procmail. We currently have an alias set up for our all-staff email > (we only have about 200 users). Someone recently sent out an email to > the all-staff that someone didn't like, so now I have to restrict who > can send to it. If one is willing to consider replacing sendmail with postfix it appears there may be several ways to restrict who may send messages to an address. "man 5 access" and "man 5 header_checks" are my first guesses. Header_checks seems to run before the message is queued. If there is a match you can accept, reject, redirect, or many other things. OTOH if only a few people are allowed to send to all-staff then maybe it would be best to manually maintain a mail list in their personal address books? Another way to deal with it would be to rewrite the all-staff header with a bogus undeliverable address so that the minions don't know what the single whole world address is? So that if they reply it doesn't deliver, or it only delivers to a few select people? Only the privileged few know the real-all-staff email address. I know, its "security by obscurity" but when absolute security is not needed and all that is needed is protection from the ignorant its often plenty good enough. -- David Kelly N4HHE, dkelly@HiWAAY.net ======================================================================== Whom computers would destroy, they must first drive mad.