I couldn't locate a check_mail and check_rcpt in sendmail's Doc (in /usr/share/doc)
check_mail and check_rcpt are rulesets in the sendmail.cf configuration file. They're probably explained in the sendmail operations guide (?) in the sendmail-doc package.
> What I did find was just references to it. I did find this though
loose_relay_check Normally, if % addressing is used for a recipient, e.g. user%site@othersite, and othersite is in class {R}, the check_rcpt ruleset will strip @othersite and recheck user@site for relaying. This feature changes that behavior. It should not be needed for most installations.
But that is only useful if you're using a single email account to forward to multiple users within your organisation. (but this would need intervention from your ISP to get them to implement the % thingy)
There was a time when % routing was widely implemented. Not now I suspect, but this isn't what the OP was talking about anyway.
I believe you're building sendmail yourself then. How does one check if using rpm(?) Do you know? (I'm booted into gentoo and I know sendmail is compiled with ldap support)
Run: sendmail -d0.10 < /dev/null
The output should include LDAPMAP.
If I understand your explanation of check_mail and check_rcpt correctly, it only adds a level of security/anti-relay check correct?
check_mail and check_rcpt are rulesets called by sendmail when the SMTP MAIL FROM: and RCPT TO: commands are issued respectively [actually that's not strictly true if FEATURE(`delay_checks') is being used, but it's the same principle]. Just about any sort of check that can be expressed in rulesets can be done at these times. For instance, I check that the connecting client isn't trying to forge my hostname or IP address in their SMTP HELO greeting. I also use checks in these rulesets to reject mail from domains whose MX records are in IP space controlled by certain spammers.
> You're already using TLS, how about using SASL as well? Postfix can also query against LDAP, so theoretically (anyway) check_mail and check_rcpt can also be done. (also with a MySQL backend, much like LDAP, that could also be a solution right?)
LDAP and SASL shouldn't be a problem for any decent MTA. The point is that sendmail's rulesets are *extremely* versatile and can be used for a wide variety of checks, if you can understand sendmail's configuration language (which is not easy). I think similar things can be done in Postfix using perl-based "policy daemons".
This is also where Bogofilter is called if we do spam filtering.
Stupid Question. Is Spamassassin via spamass-milter (the milter side) slower or more resource intensive compared to bogofilter?
SpamAssassin does much more than bogofilter so I'd expect it to be more resource intensive. Since I don't use either though, I couldn't say definitively.
I'm sure the OP will address your other points.
Paul.
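
The `sendmail -d0.10 < /dev/null` check from the reply above, as an added example that is not part of the original thread: it parses the wrapped "Compiled with:" list and matches whole option names only, so `USE_LDAP_INIT` is not mistaken for `LDAPMAP`. The function names and the sample output are constructed for illustration; `SASLv2`, `STARTTLS` and `MILTER` are sendmail build options the thread does not name itself.

```shell
#!/bin/sh
# Constructed sample of `sendmail -d0.10 < /dev/null` output (not from a real host).
SAMPLE_OUTPUT='Version 8.14.4
 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
                MIME8TO7 NAMED_BIND NETINET PIPELINING SASLv2 STARTTLS
                USE_LDAP_INIT
    OS Defines: HASFLOCK HASGETUSERSHELL

============ SYSTEM IDENTITY (after readcf) ============'

# Print each build-time option from the "Compiled with:" list, one per line.
# The list wraps over several lines; it ends at a blank line or at the next
# header (a line containing ":" or "=").
compiled_options() {
    awk '
        on && (NF == 0 || /[:=]/) { on = 0 }
        /Compiled with:/          { on = 1; sub(/.*Compiled with:/, "") }
        on                        { for (i = 1; i <= NF; i++) print $i }
    '
}

# Succeed only if the exact option name $1 is in the list read from stdin.
has_option() {
    compiled_options | grep -qxF -- "$1"
}

# Report "NAME yes" or "NAME no" for every option name given as an argument.
report_options() {
    _dbg=$(cat)
    for _opt in "$@"; do
        if printf '%s\n' "$_dbg" | has_option "$_opt"; then
            echo "$_opt yes"
        else
            echo "$_opt no"
        fi
    done
}

# Demonstration on the constructed sample. On a real host, use instead:
#   sendmail -d0.10 < /dev/null | report_options LDAPMAP SASLv2 STARTTLS MILTER
printf '%s\n' "$SAMPLE_OUTPUT" | report_options LDAPMAP SASLv2 STARTTLS MILTER
```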