Mail and Messaging Guide
Chapter 4, Managing mail with MMDF

Setting routing-based authorization

To set up routing-based authorization for hosts that are not in your domain (mynet.com in this example):

  1. Log in as mmdf and declare an authorization table in the file /usr/mmdf/mmdftailor using the MTBL keyword. For information on editing mmdftailor, see ``Editing MMDF configuration files manually'' and the mmdftailor(F) manual page.

    For example:

       MTBL "world-auth", file="authinfo/world"
    
    This declares a table called world-auth that is maintained in the file authinfo/world. This table will contain the authorization information for the world channel.

  2. Specify a channel for your domain. For example, for a channel called mynetwork, create an MCHN entry like this:

       MCHN mynetwork, auth=free, show="MYNET Network Delivery",
       	ap=822, mod=imm
    

  3. Define a channel for the rest of the hosts that are not in the local domain (again, this appears as one line in mmdftailor):

       MCHN world, auth=inblock, auth=dho, indest="world-auth",
       	show="WORLD Delivery", ap=822, mod=imm
    
    The ``indest'' parameter specifies that when world is the input channel, MMDF checks the authinfo/world file to verify that the inbound host is authorized to send mail to the destination. See ``Specifying channel authorization levels''.

    When you specify the ``auth=dho'' parameter on a channel, MMDF replaces the ``host'' (in host-based authorization) used to check authorization with a route. The route is either from the source or to the destination, depending on which ``auth'' level you specify. MMDF replaces the local section of the route (the user's name) with the string ``username''. MMDF then compares this route to the entries in the table to determine whether the message is authorized.

  4. Create a channel table file in /usr/mmdf/table for each of the channels you just created. In the above example, you would create the files mynetwork.chn and world.chn. In those files, include descriptions of each host accessed via that channel. See ``Channel tables'' for more information.

  5. Create the authinfo/world file, and include entries like these:

       world:
       username@mynet.com:
       username@larry.mynet.com:
       username@moe.mynet.com:
       username@curly.mynet.com:
    
    This table authorizes MMDF to deliver any mail addressed to people in the mynet.com domain arriving or leaving on the world channel. This does not allow mail to pass through the mynetwork channel to a destination outside the mynet.com domain.

  6. Rebuild the hashed database with dbmbuild.
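
The comparison described in step 3 can be modelled to predict which destinations the table from step 5 will admit before you rebuild the database. This is an added example, not MMDF code or part of the original guide; it assumes plain user@host addresses, an exact match against the table keys, and case-insensitive host names, and the function names and sample addresses are constructed for illustration.

```python
# Simplified model of the auth=dho comparison (an assumption-based sketch,
# not MMDF's implementation).

# Table contents copied from step 5 (authinfo/world).
AUTHINFO_WORLD = """\
world:
username@mynet.com:
username@larry.mynet.com:
username@moe.mynet.com:
username@curly.mynet.com:
"""

def parse_table(text):
    """Return the set of keys from 'key: value' table lines."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, _value = line.partition(":")
        if not sep:
            raise ValueError(f"table line has no ':' separator: {line!r}")
        keys.add(key.strip().lower())
    return keys

def dho_route(address):
    """Replace the local part (the user's name) with the string 'username'."""
    local, sep, host = address.rpartition("@")
    if not sep or not local or not host:
        raise ValueError(f"not a user@host address: {address!r}")
    return "username@" + host.lower()  # lowercasing is an assumption

def is_authorized(address, table_keys):
    """True if the rewritten route appears as a key in the table."""
    return dho_route(address) in table_keys

def check_all(addresses, table_text=AUTHINFO_WORLD):
    keys = parse_table(table_text)
    return {addr: is_authorized(addr, keys) for addr in addresses}

if __name__ == "__main__":
    # Constructed sample destinations.
    samples = ["alice@mynet.com", "bob@Larry.MyNet.com",
               "carol@shemp.mynet.com", "dave@example.org"]
    for addr, ok in check_all(samples).items():
        print(f"{addr:28} {'authorized' if ok else 'blocked'}")
```

Under the exact-match assumption, a host in mynet.com that has no entry of its own (shemp in the sample) is rejected, which makes a missing table line easy to spot.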