Jim Bacon sent me this version of check_rcpt which uses a patch from Miquel van Smoorenburg to find out for which machines your mailserver is secondary MX and therefore should allow relaying. This avoids maintaining another file (RelayTo). I've changed the ruleset a bit, since there was a small problem with it.
Here is my hack file to be used instead of Claus' check_rcpt* files. Note: it does not require the use of the use_relayto.m4 hack file but does use the optional use_localip and use_localnames hacks. To use, just place HACK(check_ismx) in the .mc file. *** check_ismx.m4 divert(-1) divert(0) VERSIONID(`@(#)check_ismx.m4 1.1 (Jim Bacon) 1997-08-23') PUSHDIVERT(6) Kismx ismx POPDIVERT divert(2) define(`_USE_NAMES_RULES',`R $`'| $`'* $`'@ ok no client name: directly invoked R$`'*$`'=w $`'| $`'* $`'@ ok from here R$`'*$`'={LocalNames} $`'| $`'* $`'@ ok from allowed system') LOCAL_RULESETS Scheck_rcpt ifdef(`_USE_RCPT_', `', `errprint(`HACK "check_ismx" requires use_ip or use_names')')dnl ifdef(`_USE_IP_', R$+ $: $(dequote "" $&{client_addr} $) $| $1 R0 $| $* $@ ok client_addr is 0 for sendmail -bs R$={LocalIP}$* $| $* $@ ok from here ifdef(`_USE_NAMES_', R$* $| $+ $: $(dequote "" $&{client_name} $) $| $2 _USE_NAMES_RULES ), R$+ $: $(dequote "" $&{client_name} $) $| $1 _USE_NAMES_RULES )dnl R$* $: $>3 $1 R$*<@$+>$* $: $1 <@ $(ismx $2 $: NOMX $) > $3 R$*<@NOMX>$* $#error $@ 5.7.1 $: 571 unauthorized relay destination R$*<@TEMPFAIL>$* $#error $@ 4.5.1 $: 451 Cannot resolve destination *** sendmail-8.8.7-ismx diff -ru sendmail-8.8.7.orig/src/conf.c sendmail-8.8.7/src/conf.c --- sendmail-8.8.7.orig/src/conf.c Tue Jan 21 16:47:13 1997 +++ sendmail-8.8.7/src/conf.c Tue Jun 3 14:26:44 1997 @@ -395,6 +395,9 @@ MAPDEF("bestmx", NULL, MCF_OPTFILE, map_parseargs, null_map_open, null_map_close, bestmx_map_lookup, null_map_store); + MAPDEF("ismx", NULL, MCF_OPTFILE, + map_parseargs, null_map_open, null_map_close, + ismx_map_lookup, null_map_store); #endif MAPDEF("host", NULL, 0, diff -ru sendmail-8.8.7.orig/src/domain.c sendmail-8.8.7/src/domain.c --- sendmail-8.8.7.orig/src/domain.c Wed Oct 30 18:42:21 1996 +++ sendmail-8.8.7/src/domain.c Tue Jun 3 15:53:40 1997 @@ -480,6 +480,52 @@ return map_rewrite(map, mxhosts[0], strlen(mxhosts[0]), av); } /* +** ISMX -- find if we are the MX for a certain host. +** +** This is really a hack, but I don't see any obvious way +** to generalize it at the moment. +*/ + +char * +ismx_map_lookup(map, name, av, statp) + MAP *map; + char *name; + char **av; + int *statp; +{ + int nmx, i, len; + auto int rcode; + int saveopts = _res.options; + char *mxhosts[MAXMXHOSTS + 1]; + char *mymx = NULL; + + _res.options &= ~(RES_DNSRCH|RES_DEFNAMES); + nmx = getmxrr(name, mxhosts, FALSE, &rcode); + _res.options = saveopts; + if (rcode != EX_TEMPFAIL) { + if (nmx <= 0) + return NULL; + for(i = 0; i < nmx; i++) { + len = strlen(mxhosts[i]); + if (len && mxhosts[i][len - 1] == '.') + mxhosts[i][len - 1] = 0; + if (wordinclass(mxhosts[i], 'w')) { + mymx = mxhosts[i]; + break; + } + } + if (mymx == NULL) + return NULL; + } else + mymx = "TEMPFAIL"; + + if (bitset(MF_MATCHONLY, map->map_mflags)) + return map_rewrite(map, name, strlen(name), NULL); + else + return map_rewrite(map, mymx, strlen(mymx), av); +} + +/* ** DNS_GETCANONNAME -- get the canonical name for named host using DNS ** ** This algorithm tries to be smart about wildcard MX records. -- Jim Bacon (JB211), SysAdmin Metropolitan Austin Interactive Network jim@MAIN.Org http://www.main.org/~jim include <std/disclaimer.h> "You deal with content and humans, I deal with reality." -- A Sysadmin talking to a Webmaster -... --- ..-. ....