Disabling sendmail relay access for certain IPs

From Brandonhutchinson.com

(Difference between revisions)

Revision as of 18:52, 4 October 2007

Situation: We allow relaying for a class C network in sendmail's access database, but want to prevent a few IP's (e.g., 192.168.1.100 and 192.168.1.101) in the class C from relaying mail.

e.g., /etc/mail/access:

192.168.1 RELAY

# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: relay

There are two solutions:

Explicitly list all IP's from the class C in access with a right-hand side value of RELAY.
List the IP's that are not allowed relay access in access with a right-hand side value of OK.

e.g., /etc/mail/access:

192.168.1. RELAY
192.168.1.100 OK
192.168.1.101 OK

# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: ok

From cf/README:

OK	Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable.
       "Accept" does not mean "relay", but at most acceptance for local recipients. That is, OK allows less than RELAY.

Retrieved from "http://brandonhutchinson.com/wiki/Disabling_sendmail_relay_access_for_certain_IPs"

@@ Line 3: / Line 3: @@
 e.g., ''/etc/mail/access'':
 .168.1 RELAY
+ # '''sendmail -bt'''
+ > '''.D{192.168.1.100}'''
+ > '''Start,check_relay $| 192.168.1.100'''
+ ...
+ check_relay      returns: relay
 There are two solutions:
 * Explicitly list all IP's from the class C in ''access'' with a right-hand side value of ''RELAY''.
@@ Line 11: / Line 18: @@
 .168.1.100 OK
 .168.1.101 OK
+ # '''sendmail -bt'''
+ > '''.D{192.168.1.100}'''
+ > '''Start,check_relay $| 192.168.1.100'''
+ ...
+ check_relay      returns: ok
 From [http://www.sendmail.org/m4/anti_spam.html cf/README]:

Disabling sendmail relay access for certain IPs

From Brandonhutchinson.com

Revision as of 18:52, 4 October 2007

Views

Personal tools

Navigation

Search

Toolbox