MMDF has the facility to apply authorization for channels on a
per-host basis.
(1) Add the following entry to define an authorization file in
/usr/mmdf/mmdftailor:
MTBL name=authhosts, file="authhosts",
show="MMDF host/channel authorization"
(2) Edit the MCHN entry for the channel(s) used to communicate
with systems external to internal.com and add the entries:
auth=inblock, outsrc=authhosts, indest=authhosts
This specifies that only hosts and channels listed in:
/usr/mmdf/table/authhosts
should be allowed to route mail in via this channel. Note that the
change to the MCHN entry must appear in the file after the MTBL entry,
or there may be errors from dbmbuild(ADM).
(3) Edit /usr/mmdf/table/authhosts and add an entry:
local:
to allow mail originating on the local channel (that is, from
A.internal.com) to be sent out over this channel and to allow mail
received via this channel to be delivered to the local channel (to a
user on A.internal.com).
(4) Add an entry for every system that is allowed to send
mail out via this channel or that should be allowed to receive mail
via this channel:
B.internal.com:
C.internal.com:
(5) Rebuild the MMDF database using dbmbuild(ADM) and
restart the deliver(ADM) daemons.
An example entry is shown below:
/usr/mmdf/mmdftailor
...
...
...
MTBL name=authhosts, file="authhosts", show="MMDF authorization"
MTBL smtpchn, flags=ns, show="DNS fully qualified domains",
flags=channel
MCHN smtp, show="SMTP Delivery", ap=822, tbl=smtpchn, mod=reg,
auth=inblock, outsrc=authhosts, indest=authhosts
...
...
...
/usr/mmdf/table/authhosts
local:
A.internal.com:
B.internal.com:
C.internal.com:
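
The following check is an added example, not part of the original page or of MMDF itself. It reads an mmdftailor file and an authorization table before dbmbuild(ADM) is run, and reports an MCHN entry that references its outsrc/indest table before the MTBL entry defining it, or a table with no local: entry. The function names, the trailing-comma continuation rule and the ';' comment marker are assumptions; the sample input is constructed.

```python
import re

PAIR = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')

def parse_tailor(text):
    """Return (keyword, name, params) for each mmdftailor entry, in file order."""
    entries, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # assumed: ';' starts a comment
            continue
        buf = f"{buf} {line}".strip()
        if buf.endswith(","):                  # assumed: trailing comma continues the entry
            continue
        keyword, _, rest = buf.partition(" ")
        params = {k: v.strip('"') for k, v in PAIR.findall(rest)}
        first = rest.split(",")[0].strip()
        name = params.get("name") or ("" if "=" in first else first)
        entries.append((keyword, name, params))
        buf = ""
    return entries

def check_auth(tailor_text, table_text):
    """Return (problems, hosts) for the per-host authorization setup."""
    problems, tables = [], set()
    for keyword, name, params in parse_tailor(tailor_text):
        if keyword == "MTBL":
            tables.add(name)
        elif keyword == "MCHN" and "auth" in params:
            for key in ("outsrc", "indest"):
                tbl = params.get(key)
                if tbl is None:
                    problems.append(f"{name}: auth= set without {key}=")
                elif tbl not in tables:
                    problems.append(f"{name}: {key}={tbl} precedes its MTBL entry")
    hosts = [l.split(":")[0].strip().lower() for l in table_text.splitlines() if ":" in l]
    if "local" not in hosts:
        problems.append("auth table: no 'local:' entry")
    return problems, hosts

# Constructed sample: MCHN placed before the MTBL it references, no local: entry.
BAD_TAILOR = '''MTBL smtpchn, flags=ns, show="DNS fully qualified domains"
MCHN smtp, show="SMTP Delivery", ap=822, tbl=smtpchn, mod=reg,
auth=inblock, outsrc=authhosts, indest=authhosts
MTBL name=authhosts, file="authhosts", show="MMDF authorization"
'''
BAD_TABLE = "B.internal.com:\nC.internal.com:\n"

if __name__ == "__main__":
    for problem in check_auth(BAD_TAILOR, BAD_TABLE)[0]:
        print(problem)
```

The returned host list is the complete set of names the channel will authorize, so it can be reviewed against the intended set before the database is rebuilt.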