Local_check_relay and check_relay

V8.8 sendmail supports two mechanisms for screening incoming SMTP connections. One is the libwrap.a mechanism, and the other is the check_relay rule set. V8.9 sendmail added a third mechanism, the access database (The access Database on page 277).

The Local_check_relay rule set provides a hook into the check_relay rule set, which is used to screen incoming network connections and accept or reject them based on the hostname, domain, or IP address. It is called just before the libwrap.a code and can be used even if that code was omitted from your release of sendmail. Note that the check_relay rule set is not called if sendmail was run with the -bs command-line switch (-bs on page 236).

The check_relay rule set is called with a workspace that looks like this:

host $| IPaddress

The hostname and IP address are separated by the $| operator. The host is the fully qualified canonical name of the connecting host. The IPaddress is the IP address of that host in dotted-quad form without surrounding square brackets, or the IPv6 address prefixed with a literal IPv6:. Note that if you also declare the FEATURE(use_client_ptr) (FEATURE(use_client_ptr)—V8.13 and Later on page 297), the value from the ${client_ptr} macro (${client_ptr} on page 813) will be used in place of the IPaddress.

By default, the check_relay rule set allows all connections. This behavior can be overridden or enforced in the access database by prefixing leftmost keys with a literal Connect: (Finer ...

Get sendmail, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.