{"id":524,"date":"2013-12-30T15:27:19","date_gmt":"2013-12-30T23:27:19","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=524"},"modified":"2013-12-30T15:27:19","modified_gmt":"2013-12-30T23:27:19","slug":"sanitizing-email-recipient-list","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/sanitizing-email-recipient-list\/","title":{"rendered":"Sanitizing Email Recipient List"},"content":{"rendered":"<p>I wrote a couple articles on respectively using sendmail and postfix to block outbound email and only allow selective domains and selective email addresses. \u00a0I ran into problems with both sendmail and postfix doing exactly what I want. \u00a0Sendmail was fairly easy to satisfy the requirements for forwarding only to certain domains. Postfix got very close on doing domains plus a selective few email addresses. \u00a0I could not get the multi instance postfix method working 100% with my header checks though.<\/p>\n<p>Below is another method to sanitize outbound email addresses using python smtplib and sendmail.<\/p>\n<p><span style=\"text-decoration: underline;\">Sendmail answer on non standard port:<\/span><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@myhost:\/etc\/mail\/cf\/cf# more usla-utility.mc\r\ndivert(-1)\r\n...\r\ndivert(0)dnl\r\nVERSIONID(`sendmail.mc (Sun)')\r\nOSTYPE(`solaris11')dnl\r\nDOMAIN(`solaris-generic')dnl\r\nDAEMON_OPTIONS(`Port=10026,Addr=127.0.0.1, Name=MTA')dnl\r\nMASQUERADE_AS(`arbonne.com')\r\nFEATURE(masquerade_envelope)\r\nFEATURE(`mailertable')\r\nMAILER(`local')dnl&lt;br \/&gt;\r\n\r\nroot@myhost:\/etc\/mail\/cf\/cf# \/usr\/ccs\/bin\/m4 ..\/m4\/cf.m4 myhost.mc &gt; \/etc\/mail\/sendmail.cf\r\n<\/pre>\n<p><span style=\"text-decoration: underline;\">I needed some specific transports so I have a mailertable:<\/span><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@myhost:\/etc\/mail# makemap hash mailertable &lt; mailertable\r\n<\/pre>\n<p><span style=\"text-decoration: underline;\">Run a small python smtplib SMTP forwarder on port 25:<\/span><\/p>\n<p>More information here:\u00a0<a href=\"http:\/\/docs.python.org\/2\/library\/smtplib.html#smtp-example\">http:\/\/docs.python.org\/2\/library\/smtplib.html#smtp-example<\/a><\/p>\n<p>Run python in the background:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@myhost:# nohup python sanitizer.py &amp;\r\n<\/pre>\n<p>My code snippet to sanitize. Probably need to look at CC and BCC also.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n...\r\nallowedDomains = &#x5B;'domain1.com','domain2.com','domain3.com','domain4.com']\r\n      allowedRecipients = &#x5B;'user@domain5.com']\r\n      for rcpt in rcpttos&#x5B;:]:\r\n        user,domain = rcpt.split(&quot;@&quot;)\r\n        if not (rcpt.lower() in allowedRecipients or domain.lower() in allowedDomains):\r\n          #log.debug(&quot;%s not allowed per our policy&quot; % rcpt)\r\n          i = rcpttos&#x5B;:].index(rcpt)\r\n          del rcpttos&#x5B;i]\r\n      log.debug(&quot;sanitized list %s&quot; % rcpttos)\r\n...\r\n<\/pre>\n<p><span style=\"text-decoration: underline;\">Monitor the custom log:<\/span><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@myhost:~# tail -f sanitizer.log \r\n... DEBUG:__main__:Received message from: ('10.1.11.86', 32841). From: root@myclient | To: &#x5B;'user1@domain1.com', 'user2@domain2.com', 'user3@domain3.com', 'user4@domain1.com'] DEBUG:__main__:sanitized list &#x5B;'user3@domain3.com']\r\n<\/pre>\n<p><span style=\"text-decoration: underline;\">Inject a test from client:<\/span><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@myclient:\/tmp# cat \/tmp\/test_all.eml\r\nTo: user1@domain1.com,user2@domain2.com,user3@domain3.com,user4@domain1.com \r\nSubject: MAILHOST TEST DL\r\nFrom: luser@mydomain.com\r\nbody...\r\n\r\nroot@myclient:\/tmp# sendmail -d7.99 -d38.99 -vt &lt; \/tmp\/test_all.eml\r\n<\/pre>\n<p><span style=\"text-decoration: underline;\">Monitor the real maillog of sendmail to see what happened:<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wrote a couple articles on respectively using sendmail and postfix to block outbound email and only allow selective domains<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,39],"tags":[],"class_list":["post-524","post","type-post","status-publish","format-standard","hentry","category-python","category-sendmail"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=524"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/524\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}