The access database is a collection of rules that describe what action should be taken for messages received from nominated hosts. The default access control file is called /etc/mail/access . The table has a simple format. Each line of the table contains an access rule. The lefthand side of each rule is a pattern used to match the sender of an incoming mail message. It may be a complete email address, a hostname, or an IP address. The righthand side is the action to take. There are five types of action you may configure. These are:
- OK
- RELAY
- REJECT
- DISCARD
- ### any text
Accept the mail message.
Accept messages from this host or user even if they are not destined for our host; that is, accept messages for relaying to other hosts from this host.
Reject the mail with a generic message.
Discard the message using the $#discard mailer.
Return an error message using ### as the error code (which should be RFC-821 compliant) and "any text" as the message.
An example /etc/mail/access might look like:
friends@cybermail.com REJECT
aol.com REJECT
207.46.131.30 REJECT
postmaster@aol.com OK
linux.org.au RELAY
This example would reject any email received from friends@cybermail.com , any host in the domain aol.com and the host 207.46.131.30 . The next rule would accept email from postmaster@aol.com despite the fact that the domain itself has a reject rule. The last rule allows relaying of mail from any host in the linux.org.au domain.
To enable the access database feature, use the following declaration in your sendmail.mc file:
FEATURE(access_db)
The default definition builds the database using hash -o /etc/mail/access , which generates a simple hashed database from the plain text file. This is perfectly adequate in most installations. There are other options that you should consider if you intend to have a large access database. Consult the sendmail book or other sendmail documentation for details.
18.8.4.3. Barring users from receiving mail
If you have users or automated processes that send mail but will never need to receive it, it is sometimes useful to refuse to accept mail destined for them. This saves wasted disk-space storing mail that will never be read. The blacklist_recipients feature, when used in combination with the access_db feature, allows you to disable the receipt of mail for local users.
To enable the feature, you add the following lines to your sendmail.mc file, if they're not already there:
FEATURE(access_db)
FEATURE(blacklist_recipients)
To disable receipt of mail for a local user, simply add his details into the access database. Usually you would use the ### entry style that would return a meaningful error message to the sender so they know why the mail is not being delivered. This feature applies equally well to users in virtual mail domains, and you must include the virtual mail domain in the access database specification. Some sample /etc/mail/access entries might look like:
daemon 550 Daemon does not accept or read mail.
flacco 550 Mail for this user has been administratively disabled.
grump@dairy.org 550 Mail disabled for this recipient.
