Specifying user-based authorization

To configure MMDF authorization on a per-user basis, you must first set up the authorization level on the channels that you want to restrict and create appropriate channel tables, as described in ``Specifying host-based authorization''.

To set up authorizations for specific users:

1. Log in as mmdf and declare the user authorization table in the file /usr/mmdf/mmdftailor using the MTBL keyword. For information on editing mmdftailor, see ``Editing MMDF configuration files manually'' and the mmdftailor(F) manual page.

   For example, if the name of file containing the user authorization table is auth.user:

      MTBL auth, file="auth.user", show "Per-user authorization"
   

   You must call the per-user authorization table auth; MMDF treats any table called auth as the per-user authorization table.

2. Create the user authorization table in /usr/mmdf/table (in the example in step 1, the file would be /usr/mmdf/table/auth.user). Use this format for the table contents:
   
   username: keyword channel [, channel]

   The username can be a local or remote user name, keyword describes the actions that you can authorize users to perform, and channel is the channel name on which the authorizations apply. The keywords are:

   
   both

   allows user to send and receive mail

   
   send

   allows user to send mail only

   
   recv

   allows user to receive mail only

   
   expire

   expires access privileges for the user (and includes this information in any error mail)

   MMDF treats any other keyword as expire, except that MMDF sends the text of the action instead of ``expire'' to the user in error mail.

   Include one line in the table for each user to whom you want to grant mail access. Any users not listed are not authorized to use any channel except the channels set to the free, inlog, or outlog authorization levels (see ``Specifying channel authorization levels'').

   Example I:
   To set up access authorizations for a local user, specify the unqualified user name. For example, the local user andrei can both send and receive mail on the SMTP and UUCP channels:

      andrei: both smtp,uucp
   

   However, if you set up host-based authorization to restrict access to one of these channels, for example UUCP, andrei might not be authorized to send or receive mail on that channel.

   Because mail on the local channel is not restricted, andrei can pass mail through this channel even though the user authorization list does not include ``local'' in the list of channels.

   Example II:
   To set up access authorization for a remote user, specify the fully qualified address of that user. For example, to allow melissa on the machine silly.org to send mail through TCP/IP (the SMTP channel) on this host, add a line like this to the authorization table:

      melissa@silly.org: send smtp
   

   If mail arrives for melissa through UUCP, or if she tries to send mail through the UUCP channel, MMDF rejects the mail.

   Example III:
   To expire a particular user's access and tell MMDF to send an error message, add the message to the user authorization table line for that user. For example, to expire aaron@thames.com's access and send the text ``No more mail for you!'', include a line like this one:

      aaron@thames.COM: "No more mail for you!" uucp
   

3. Rebuild the hashed database using the instructions in ``Rebuilding the hashed database''.