Sendmail VirtUserTable

Some mail systems support sub-addressing (e.g. user+ignoredstring@domain.tld), but Exchange is not one of them. Instead of trying to sort out sub-addressing through sendmail or Exchange, we use sendmail’s virtusertable to map entire subdomains (e.g. @lisa.rushworth.us) over to our primary e-mail addresses. If an address becomes compromised, we can blacklist the particular something@subdomain.rushworth.us address in the access table.

Virtual Domain Aliases

These aliases allow changes to be made to intended recipient addresses. Two files are required for an address to be aliased. An entry for “VIRTUSER_DOMAIN_FILE” in sendmail.mc specifies the file listing the domains to be included for aliasing. For us, this is /etc/mail/virtuser-domains, a text file containing the name of each domain to be virtualized for aliasing, one domain per line. Note that only the recipient domains need to be listed here, not the domains to which aliases are mapped. E.g. our virtuser-domains file contains just:

rushworth.us

And yet we can alias test.addy@rushworth.us to lisa.landers@vibiant.dnsalias.com: it is only the source address that needs to be defined in virtuser-domains.

Aliases for the virtual domains are contained in /etc/mail/virtusertable. The left-hand entry is the recipient address and the right-hand entry is what that recipient will be translated to. Left-hand entries can be an email address (testaddy@rushworth.us) or a domain (@lisa.rushworth.us).

Right-hand entries can be an alternate address.  If the address should remain the same, an exclamation point can be used:

myfakeaddress@rushworth.us        external.email@domain.tld
myaddress@rushworth.us            !

The right-hand entry can also be an action, such as error, which returns an error code:

compromised.address@lisa.rushworth.us            error:nouser User unknown
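
As an added illustration (not part of the original post and not sendmail's own code), the Python below models how these entry types interact when one address inside a mapped subdomain is blocked. It assumes a simplified lookup order of full address first, then the @domain entry, and ignores +detail handling and %1 substitution; the @lisa.rushworth.us target and the shop1 recipient are constructed sample values.

```python
# Added example: simplified model of virtusertable lookups, not sendmail's rulesets.
# Assumed order: exact user@domain key first, then the @domain entry.

# Constructed sample table in /etc/mail/virtusertable format.
SAMPLE_TABLE = """\
# full-address entries
myfakeaddress@rushworth.us              external.email@domain.tld
myaddress@rushworth.us                  !
compromised.address@lisa.rushworth.us   error:nouser User unknown
# domain-wide entry (constructed target address)
@lisa.rushworth.us                      lisa@rushworth.us
"""


def parse_table(text):
    """Return {lhs: rhs}; keys lowercased, comments and blank lines skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        lhs, rhs = line.split(None, 1)  # RHS may contain spaces (error text)
        table[lhs.lower()] = rhs.strip()
    return table


def resolve(table, address):
    """Return (action, value) where action is 'rewrite', 'unchanged' or 'reject'."""
    address = address.lower()
    domain = address.rpartition("@")[2]
    for key in (address, "@" + domain):
        rhs = table.get(key)
        if rhs is None:
            continue
        if rhs == "!":
            return ("unchanged", address)
        if rhs.startswith("error:"):
            return ("reject", rhs[len("error:"):])
        return ("rewrite", rhs)
    return ("unchanged", address)  # no entry: address is left alone


if __name__ == "__main__":
    t = parse_table(SAMPLE_TABLE)
    for rcpt in ("shop1@lisa.rushworth.us",
                 "compromised.address@lisa.rushworth.us",
                 "myaddress@rushworth.us",
                 "myfakeaddress@rushworth.us"):
        print(rcpt, "->", resolve(t, rcpt))
```

The full-address error entry wins over the subdomain entry, so the compromised address is rejected while every other address in that subdomain is still delivered.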

 

To commit changes to the virtusertable:

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

 

Testing Virtual Aliases:

You can test the results of the virtual address space aliasing using sendmail -bt. At the new prompt (a greater-than sign on a blank line), type 3,0 followed by the address you would like to test. E.g.:

[uid@NEOHTWNLX821 ~]# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 llanders@windstream.com
canonify           input: llanders @ windstream . com
Canonify2          input: llanders < @ windstream . com >
Canonify2        returns: llanders < @ windstream . com . >
canonify         returns: llanders < @ windstream . com . >
parse              input: llanders < @ windstream . com . >
Parse0             input: llanders < @ windstream . com . >
Parse0           returns: llanders < @ windstream . com . >
ParseLocal         input: llanders < @ windstream . com . >
ParseLocal       returns: llanders < @ windstream . com . >
Parse1             input: llanders < @ windstream . com . >
Recurse            input: llanders @ valortelecom . com
canonify           input: llanders @ valortelecom . com
Canonify2          input: llanders < @ valortelecom . com >
Canonify2        returns: llanders < @ valortelecom . com . >
canonify         returns: llanders < @ valortelecom . com . >
parse              input: llanders < @ valortelecom . com . >
Parse0             input: llanders < @ valortelecom . com . >
Parse0           returns: llanders < @ valortelecom . com . >
ParseLocal         input: llanders < @ valortelecom . com . >
ParseLocal       returns: llanders < @ valortelecom . com . >
Parse1             input: llanders < @ valortelecom . com . >
Mailertable        input: < valortelecom . com > llanders < @ valortelecom . com . >
Mailertable        input: valortelecom . < com > llanders < @ valortelecom . com . >
Mailertable      returns: llanders < @ valortelecom . com . >
Mailertable      returns: llanders < @ valortelecom . com . >
MailerToTriple     input: < > llanders < @ valortelecom . com . >
MailerToTriple   returns: llanders < @ valortelecom . com . >
Parse1           returns: $# esmtp $@ valortelecom . com . $: llanders < @ valortelecom . com . >
parse            returns: $# esmtp $@ valortelecom . com . $: llanders < @ valortelecom . com . >
Recurse          returns: $# esmtp $@ valortelecom . com . $: llanders < @ valortelecom . com . >
Parse1           returns: $# esmtp $@ valortelecom . com . $: llanders < @ valortelecom . com . >
parse            returns: $# esmtp $@ valortelecom . com . $: llanders < @ valortelecom . com . >