block some users in sendmail to local

[ash_great]

i want to block some users to be able to send mail to only local domain and others should be able to send mail to internet. i know how to do it through iptables. i want a solution to do it through sendmail.

thanks
Ashish Malik

[wassy121]

This depends on your OS. I work a lot with RHEL 3, so I will base my guesses on that OS. First, I would make it so the users in question did not have a login shell. I would make their login shell /sbin/nologin. I would then setup a file, lets say /etc/nomailforyou . I would then run:

echo $USERNAME >> /etc/nomailforyou

Then, I would edit the PAM configuration to disallow anyone listed in that file from sending email. I would do this by running:

echo "auth required pam_listfile.so item=user sense=deny file=/etc/nomailforyou onerr=succeed" >> /etc/pam.d/smtp.sendmail

This will make it so the user in question will not be able to send mail through SMTP authentication ever again, since sendmail uses PAM to determine if an external user is eligible to relay mail.

Note, this will not work with people that have local access to the machine. There is no easy or elegant way to disallow someone with login access from sending mail.

Best,

Samuel