Setting routing-based authorization

To set up routing-based authorization for hosts that are not in your domain (your_company.com in this example):

1. Log in as mmdf and declare an authorization table in the file /usr/mmdf/mmdftailor using the MTBL keyword. For information on editing mmdftailor, see ``Editing MMDF configuration files manually'' and the mmdftailor(F) manual page.

   For example:

      MTBL "world-auth", file="authinfo/world"
   

   This declares a table called world-auth that is maintained in the file authinfo/world. This table will contain the authorization information for the world channel.

2. Specify a channel for your domain. For example, for a channel called your_companywork, create an MCHN entry like this:

      MCHN your_companywork, auth=free, show="MYNET Network Delivery",
      	ap=822, mod=imm
   

3. Define a channel for the rest of the hosts that are not in the local domain (again, this appears as one line in mmdftailor):

      MCHN world, auth=inblock, auth=dho, indest="world-auth",
      	show="WORLD Delivery", ap=822, mod=imm
   

   The ``auth=indest'' parameter specifies that when world is the input channel, MMDF checks the authinfo/world file to verify that the inbound host is authorized to send mail to the destination. See ``Specifying channel authorization levels''.

   When you specify the ``auth=dho'' parameter on a channel, MMDF replaces the ``host'' (in host-based authorization) used to check authorization with a route. The route is either from the source or to the destination, depending on which ``auth'' level that you specify. MMDF replaces the local section of the route (the user's name) with the string ``username''. Then, MMDF compares this route to the entries in the table, to determine if the message is authorized or not.

4. Create a channel table file in /usr/mmdf/table for each of the channels you just created. In the above example, you would create the files your_companywork.chn and world.chn. In those files, include descriptions of each host accessed via that channel. See ``Channel tables'' for more information.

5. Create the authinfo/world file, and include entries like these:

      world:
      username@your_company.com:
      username@larry.your_company.com:
      username@moe.your_company.com:
      username@curly.your_company.com:
   

   This table authorizes MMDF to deliver any mail addressed to people in the your_company.com domain arriving or leaving on the world channel. This does not allow mail to pass through the your_companywork channel to a destination outside the your_company.com domain.

6. Rebuild the hashed database with dbmbuild.