Path: utzoo!utgpu!radio.astro!helios!sysruth
From: sysruth@helios.toronto.edu (Ruth Milner)
Newsgroups: comp.mail.sendmail
Subject: Re: How to prevent mail to non-existent accounts
Message-ID: <844@helios.toronto.edu>
Date: 13 Jul 89 20:12:44 GMT
References: <11680@cgl.ucsf.EDU> <3853@phri.UUCP>
Reply-To: sysruth@helios.physics.utoronto.ca (Ruth Milner)
Organization: University of Toronto Physics/Astronomy/CITA
Lines: 42

In article <3853@phri.UUCP> roy@phri.UUCP (Roy Smith) writes:
>In article <11680@cgl.ucsf.EDU> gregc@cgl.ucsf.edu (Greg Couch) writes:
>> Thus we don't want users to get mail on
>> machines they can't access.
>
> Yuck! This really seems rather needless. Why not just share
>/usr/lib/aliases files as well? Have each person have an alias pointing to
>the machine where their home directory is.

Yuck! And then every time you add a new user you have to append an alias
onto /usr/lib/aliases and tell every system on which they have no home
directory to run newaliases. Not to mention removing the alias when you
remove the user (yes, I know this is not strictly necessary, but on a big
system you can wind up with a very large file very quickly, and after a
year or two you have no idea offhand who's really there any more).
Personally, I'd rather hack sendmail once every 6 months when I make a
new version.

Of course, if you add an account about once a month or less, it's no big
deal. When you are adding as many as several accounts per week, as we do,
it is not nice at all.

What we do is have a small hack to sendmail (I think) to make it read a
file called "localdelivery" on startup. Any system listed in this file on
a server has its mail received by that server. And the nameserver data has
an MX record for that system pointing to the server. We do this for
a) diskless clients and b) systems which can't run a locally-compatible
version of sendmail.

That way, when we add a new *system* we make one change each to two files,
and forever after all mail for those systems is received centrally. Servers
share the /usr/spool/mail area with their clients so the mail can be read
from the clients as well. Works very nicely.

Access to a system is determined by who owns it: everyone is authorized to
use a Consortium-owned computer; systems privately owned restrict access to
the people in the owner's group by giving everyone else a nonexistent shell.

To each his/her own, I guess.
-- 
Ruth Milner          UUCP - {uunet,pyramid}!utai!helios.physics!sysruth
Systems Manager      BITNET - sysruth@utorphys
U. of Toronto        INTERNET - sysruth@helios.physics.utoronto.ca
Physics/Astronomy/CITA Computing Consortium