List those aliases (which are local) in a file:
LOCAL_CONFIG F{Internal}/etc/mail/intern.onlyThen the rules work like this:
LOCAL_RULESETS SLocal_check_rcpt # if the recipient isn't internal, they get the mail R$+ $: <@> $>3 $1 R<@> $={Internal}<@$=w.> $: <$1@$2> R<@> $={Internal} $: <$1@$j> # no internal alias R<@>$+ $@ OK # check to see if the sender is local R$* $: $>3 $&f R$+<@$=w.> $@ OK # empty sender: accept (RFC 1123) R<@> $@ OK R$+ $#error $: 551 $&f not allowed to send to recipient
Before 8.9, you have to use Scheck_rcpt instead of SLocal_check_rcpt.
The ruleset works like this:
A more sophisticated ruleset has been posted to comp.mail.sendmail .
A slightly better solution is to check the relaying host instead of the sender address, however, this requires that you don't have other servers "in front" of the one that performs these checks.
LOCAL_RULESETS SLocal_check_rcpt ... # check to see if the sender is local R$* $: $&{client_name} # or some other class instead of m R$*$=m $@ OKSOFAR R$* $#error $: 551 $&f not allowed to send to recipientYou can also use $&{client_name}; or you can lookup the name/address in the access map.
A much better solution is possible in sendmail 8.10 using SMTP AUTH. It requires that the sender is authenticated, for example:
LOCAL_RULESETS SLocal_check_rcpt ... # check to see if the sender is local R$* $: $&{auth_type} R$+ $@ OKSOFAR R$* $#error $: 551 $&f not allowed to send to recipientOf course you can use also other AUTH macros such as {auth_authen} or {auth_author} to provide even finer access control.
LOCAL_RULESETS SLocal_check_rcpt R$* $: $1 $| $>"Protect" $1 R$* $| $#$* $#$2 R$* $| $* $: $1 $| $>"Restrict" $1 R$* $| $#$* $#$2and rename the other rulesets:
LOCAL_RULESETS SProtect ... SRestrict ...