
a sendmail puzzle



hey.

we've recently decided that it would be a good idea to build a new shell box
and isolate it a bit more than our current one is (keep the hackers a little
farther away from where anything important happens).

this box will also handle uucp mail because our uucp customers need to log
in to a server to fire up uucico, and i don't want them to have access to
anything but the shell box.

i also don't want this box to do any local delivery (except of course for
uucp).  if shell users want access to their mail they can do it via pop with
pine/mutt/fetchmail to a server which has /var/mail mounted from our netapp.
the reason that i don't just mount /var/mail on the netapp is security. if a
server is going to be compromised it is 99% likely to be this one, and i
don't want an errant cracker to have access to everyone's mail.

basically all mail should be forwarded to a smarthost except uucp mail.

the problem is that mail sent on the command line to a user without a domain
appended is considered local without being parsed by mailertable (which is
what i'm using to define a smarthost).

i can't think of any good way to do this.  i thought about using a global
procmail rule (/etc/procmailrc) to catch all mail being delivered without an
@ in it and to forward it to the same user at our smarthost.  this reeks of
'kluge' though, and i would really prefer a nicer solution.

so basically what i want is a null client configuration, but that doesn't
work with any other mailers defined.

does anyone have any ideas?

thanks, adam.


