DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Managing mail with MMDF

Setting routing-based authorization

To set up routing-based authorization for hosts that are not in your domain (your_company.com in this example):

  1. Log in as mmdf and declare an authorization table in the file /usr/mmdf/mmdftailor using the MTBL keyword. For information on editing mmdftailor, see ``Editing MMDF configuration files manually'' and the mmdftailor(F) manual page.

    For example:

       MTBL "world-auth", file="authinfo/world"
    
    This declares a table called world-auth that is maintained in the file authinfo/world. This table will contain the authorization information for the world channel.

  2. Specify a channel for your domain. For example, for a channel called your_companywork, create an MCHN entry like this:
       MCHN your_companywork, auth=free, show="MYNET Network Delivery",
       	ap=822, mod=imm
    

  3. Define a channel for the rest of the hosts that are not in the local domain (again, this appears as one line in mmdftailor):
       MCHN world, auth=inblock, auth=dho, indest="world-auth",
       	show="WORLD Delivery", ap=822, mod=imm
    
    The ``auth=indest'' parameter specifies that when world is the input channel, MMDF checks the authinfo/world file to verify that the inbound host is authorized to send mail to the destination. See ``Specifying channel authorization levels''.

    When you specify the ``auth=dho'' parameter on a channel, MMDF replaces the ``host'' (in host-based authorization) used to check authorization with a route. The route is either from the source or to the destination, depending on which ``auth'' level that you specify. MMDF replaces the local section of the route (the user's name) with the string ``username''. Then, MMDF compares this route to the entries in the table, to determine if the message is authorized or not.

  4. Create a channel table file in /usr/mmdf/table for each of the channels you just created. In the above example, you would create the files your_companywork.chn and world.chn. In those files, include descriptions of each host accessed via that channel. See ``Channel tables'' for more information.

  5. Create the authinfo/world file, and include entries like these:
       world:
       username@your_company.com:
       username@larry.your_company.com:
       username@moe.your_company.com:
       username@curly.your_company.com:
    
    This table authorizes MMDF to deliver any mail addressed to people in the your_company.com domain arriving or leaving on the world channel. This does not allow mail to pass through the your_companywork channel to a destination outside the your_company.com domain.

  6. Rebuild the hashed database with dbmbuild.

Next topic: Specifying both host and user authorization
Previous topic: Specifying user-based authorization

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 26 May 2005