Managing mail with MMDF

Setting routing-based authorization

To set up routing-based authorization for hosts that are not in your domain ( in this example):

  1. Log in as mmdf and declare an authorization table in the file /usr/mmdf/mmdftailor using the MTBL keyword. For information on editing mmdftailor, see ``Editing MMDF configuration files manually'' and the mmdftailor(F) manual page.

    For example:

       MTBL "world-auth", file="authinfo/world"
    This declares a table called world-auth that is maintained in the file authinfo/world. This table will contain the authorization information for the world channel.

  2. Specify a channel for your domain. For example, for a channel called your_companywork, create an MCHN entry like this:
       MCHN your_companywork, auth=free, show="MYNET Network Delivery",
       	ap=822, mod=imm

  3. Define a channel for the rest of the hosts that are not in the local domain (again, this appears as one line in mmdftailor):
       MCHN world, auth=inblock, auth=dho, indest="world-auth",
       	show="WORLD Delivery", ap=822, mod=imm
    The ``auth=indest'' parameter specifies that when world is the input channel, MMDF checks the authinfo/world file to verify that the inbound host is authorized to send mail to the destination. See ``Specifying channel authorization levels''.

    When you specify the ``auth=dho'' parameter on a channel, MMDF replaces the ``host'' (in host-based authorization) used to check authorization with a route. The route is either from the source or to the destination, depending on which ``auth'' level that you specify. MMDF replaces the local section of the route (the user's name) with the string ``username''. Then, MMDF compares this route to the entries in the table, to determine if the message is authorized or not.

  4. Create a channel table file in /usr/mmdf/table for each of the channels you just created. In the above example, you would create the files your_companywork.chn and world.chn. In those files, include descriptions of each host accessed via that channel. See ``Channel tables'' for more information.

  5. Create the authinfo/world file, and include entries like these:
    This table authorizes MMDF to deliver any mail addressed to people in the domain arriving or leaving on the world channel. This does not allow mail to pass through the your_companywork channel to a destination outside the domain.

  6. Rebuild the hashed database with dbmbuild.

Next topic: Specifying both host and user authorization
Previous topic: Specifying user-based authorization

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003