For sendmail 8.9.x and later versions, add the following to your .mc file under LOCAL_CONFIG...
# dynamic relay authorization control map Kdrac btree /etc/mail/dracdand the following under LOCAL_RULESETS...
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$* $: $&{client_addr}
R$+ $: $(drac $1 $: ? $)
R? $@ ?
R$+ $@ $#OK
If you are using the DUL to block connections from dial-up IP addresses,
you will need to add the same four rules to the SLocal_check_relay
ruleset in your .mc file to allow DRAC-authenticated users to connect.
Tabs are required between the two sides of these rules!
Then, you can re-make the .cf file, install it, and restart the sendmail SMTP daemon. Please don't edit your sendmail.cf file directly. Regenerating it from the .mc files is a much safer procedure.
Mike McHenry contributes the following information for a complex sendmail configuration...
I have some updated sendmail rules for sendmail 8.11.0 that may or may not help people out. These rules are tuned for a full email server running all of the relay checks and spam filtering features of the new sendmail. First I will include an example sendmail.mc file and then I will show where the drac configs need to be manually patched in to the resulting sendmail.cf file.
EXAMPLE MC FILE: OSTYPE(`linux')dnl define(`confAUTO_REBUILD')dnl define(`confCONNECTION_RATE_THROTTLE',40)dnl define(`confMAX_HOP',30)dnl define(`confMAX_MESSAGE_SIZE',10000000)dnl define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo')dnl define(`confQUEUE_LA',5)dnl define(`confREFUSE_LA',10)dnl define(`confTO_CONNECT', `1m')dnl define(`confTO_IDENT',0s)dnl define(`confTO_QUEUEWARN', `12h')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`STATUS_FILE',`/etc/mail/sendmail.st')dnl define(`ALIAS_FILE',`/etc/mail/aliases')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl MAILER(`smtp')dnl FEATURE(`local_procmail', `/usr/bin/procmail')dnl FEATURE(`always_add_domain')dnl define(`MASQUERADE_NAME',`domain.com.')dnl FEATURE(`limited_masquerade')dnl define(`confCW_FILE',` /etc/mail/sendmail.cw')dnl FEATURE(`use_cw_file')dnl FEATURE(`accept_unresolvable_domains')dnl FEATURE(`redirect')dnl FEATURE(`virtusertable',` hash -o /etc/mail/virtusertable')dnl FEATURE(`access_db')dnl FEATURE(`blacklist_recipients')dnl FEATURE(dnsbl, `rbl.maps.vix.com', `Rejected - see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl, `dul.maps.vix.com', `Dialup - see http://www.mail-abuse.org/dul/')dnl FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abuse.org/rss/')dnl LOCAL_CONFIG # dynamic relay authorization control map Kdrac btree -o /etc/mail/dracdManually patch into the resulting sendmail.cf the following chunks of code:
At the END of SLocal_check_rcpt right before the last "catch-all" reject insert the following chunk of code (ignore the final reject code that follows the DRAC code chunk)...
# allow recent POP/IMAP mail clients to relay
R$* $: $&{client_addr}
R$+ $: $(drac $1 $: ? $)
R? $:
R$+ $@ RELAYFROM
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
Also, if you are making use of the MAPS DUL lists you will need to add a check
for DRAC in SBasic_check_relay to allow your customers to relay mail even if
they are coming from a dialup outside of your control. Add the following
before the first MAPS checks in the sendmail.cf (ignore the MAPS lines
following the DRAC code chunk)...
# allow recent POP/IMAP mail clients to relay
R$* $: $&{client_addr}
R$+ $: $(drac $1 $: ? $)
R? $:
R$+ $@ RELAYFROM
# DNS based IP address spam list rbl.maps.vix.com
R$* $: $&{client_addr}
That's it! Fine-tune to suit your needs and restart sendmail.
For Postfix, here is a sample relay mapping, contributed by Jeff Johnson...
myhostname = mail.________.com mydomain = ________.com mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, ns1.$mydomain relay_domains = $mydestination smtpd_recipient_restrictions = permit_mynetworks, check_client_access btree:/etc/mail/dracd, check_relay_domains