{"id":1526,"date":"2017-08-24T16:40:19","date_gmt":"2017-08-24T21:40:19","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=1526"},"modified":"2019-06-19T11:01:41","modified_gmt":"2019-06-19T16:01:41","slug":"sendmail-virtusertable","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=1526","title":{"rendered":"Sendmail VirtUserTable"},"content":{"rendered":"

Some mail systems support sub-addressing (i.e. user+ignoredstring@example.com), but Exchange is not one of them. Even if\/when it gets supported, it’s really easy to figure out the\u00a0real<\/em> e-mail address in that sub-address. Instead, we use sendmail’s virtusertable to map entire subdomains (i.e. @lisa.example.com) over to our primary e-mail addresses. If an address becomes compromised, we can blacklist the particular something@subdomain.rushworth.us address in the access table).<\/p>\n

Virtual Domain Aliases<\/strong><\/p>\n

These aliases allow changes to be made to\u00a0intended\u00a0recipient addresses.\u00a0\u00a0There are two files required for an address to be aliased.\u00a0\u00a0An entry for \u201cVIRTUSER_DOMAIN_FILE\u201d will exist in the\u00a0sendmail.mc\u00a0specifying the file listing the domains to be included for aliasing.\u00a0\u00a0For us, this is \/etc\/mail\/virtuser-domains.\u00a0\u00a0This is a text file containing the name of each domain to be virtualized for aliasing, one domain per line.\u00a0\u00a0Please note,\u00a0the domains included herein need only be the recipient domains, not the domains to which aliases are mapped.\u00a0\u00a0E.G. our\u00a0virtuser-domains file contains just:<\/p>\n

example.com<\/p>\n

And yet we can alias test.addy@example.com to someotheraddy@example.net \u2026 it is only the source address that needs to be defined in virtuser-domains.<\/p>\n

Aliases for the virtual domains are contained in \/etc\/mail\/virtusertable.\u00a0\u00a0The left-hand entry is the recipient address and the right-hand entry is what that recipient will be translated to.\u00a0\u00a0Left-hand entries can be an email address (testaddy@example.com) or a domain (@lisa.example.com)<\/p>\n

Right-hand entries can be an alternate address. \u00a0If the address should remain the same, an exclamation point can be used:<\/p>\n

myfakeaddress@example.com        external.email@example.net\r\nmyaddress@example.com \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0!\r\n<\/pre>\n
The right-hand entry can also be an action, like error which will return an error code<\/p>\n
compromised.address@lisa.example.com\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 error:nouser User unknown<\/p>\n
 <\/p>\n
To commit changes to the\u00a0virtusertable:<\/p>\n
makemap<\/strong>\u00a0hash \/etc\/mail\/virtusertable.db\u00a0< \/etc\/mail\/virtusertable<\/strong><\/p>\n
\u00a0<\/strong><\/p>\n
Testing Virtual Aliases:<\/strong><\/p>\n
You can test the results of the virtual address space aliasing using sendmail \u2013bt.\u00a0\u00a0From within the new prompt (a greater than sign on a blank line) type3,0\u00a0followed by the address you would like to test.\u00a0\u00a0E.G.:<\/p>\n
[uid@NEOHTWNLX821 ~]#\u00a0sendmail<\/strong>\u00a0-bt<\/strong>\r\nADDRESS TEST MODE (ruleset\u00a03 NOT automatically invoked)\r\nEnter <ruleset> <address>\r\n>\u00a03,0 llanders@example.com<\/strong>\r\ncanonify\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders @ example . com\r\nCanonify2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . com >\r\nCanonify2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . com . >\r\ncanonify\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . com . >\r\nparse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . com . >\r\nParse0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . com . >\r\nParse0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . com . >\r\nParseLocal\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . com . >\r\nParseLocal\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . com . >\r\nParse1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . com . >\r\nRecurse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders @ example . net\r\ncanonify\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders @ example . net\r\nCanonify2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . net >\r\nCanonify2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\ncanonify\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nparse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . net . >\r\nParse0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . net . >\r\nParse0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nParseLocal\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . net . >\r\nParseLocal\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nParse1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: llanders < @ example . net . >\r\nMailertable\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: < example . net > llanders < @ example . net . >\r\nMailertable\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0input: example . < com > llanders < @ example . net . >\r\nMailertable\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nMailertable\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nMailerToTriple\u00a0\u00a0\u00a0\u00a0\u00a0input: < > llanders < @ example . net . >\r\nMailerToTriple\u00a0\u00a0\u00a0returns: llanders < @ example . net . >\r\nParse1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: $# esmtp $@ example . net . $: llanders < @ example . net . >\r\nparse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: $# esmtp $@ example . net . $: llanders < @ example . net . >\r\nRecurse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: $# esmtp $@ example . net . $: llanders < @ example . net . >\r\nParse1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: $# esmtp $@ example . net . $: llanders < @ example . net . >\r\nparse\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0returns: $# esmtp $@ example . net . $: llanders < @ example . net . >\r\n<\/pre>\n
Use ctrl-d to exit the test.<\/p>\n","protected":false},"excerpt":{"rendered":"
Some mail systems support sub-addressing (i.e. user+ignoredstring@example.com), but Exchange is not one of them. Even if\/when it gets supported, it’s really easy to figure out the\u00a0real e-mail address in that sub-address. Instead, we use sendmail’s virtusertable to map entire subdomains (i.e. @lisa.example.com) over to our primary e-mail addresses. If an address becomes compromised, we can …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[259,305],"class_list":["post-1526","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-sendmail","tag-virtusertable"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/1526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1526"}],"version-history":[{"count":4,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/1526\/revisions"}],"predecessor-version":[{"id":5358,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/1526\/revisions\/5358"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}