
Is It Possible to Report to Syslog from the AUTH_REWRITE Mapping Table? (Doc ID 2481807.1)

Last updated on APRIL 10, 2023

Applies to:

Oracle Communications Messaging Server - Version 8.0.2 and later
Information in this document applies to any platform.


Define a way to report to syslog from the AUTH_REWRITE mapping table.

To implement "AUTH_REWRITE mapping that prevents authenticated users from sending messages from addresses other than the ones listed in their mail, mailAlternateAddress, or mailEquivalentAddress"
as in

NOTE: This is only on "MMP" systems, which run the MMP and MTA components, where users (and some applications) submit mail. SMTP/SUBMIT are already configured to require authentication.

To do this in a staged fashion, first report who/what would be blocked.

Reporting this in Splunk is possible, but challenging. The problem is that the authentication information is in the record while the From: header info is in the record. Doing a Splunk query to tie those together (by the 'pi= ' field) should be possible, but would be challenging.

One option would be to implement the config to do the mail blocking. Alternately, report it to syslog with the '$<' mapping template flag.

However, '$<' is only available in Recipient Access mapping tables and not AUTH_REWRITE.

How can we configure the spoofing check so that it reports instead of blocking?

