Disabling sendmail relay access for certain IPs
From Brandonhutchinson.com
(Difference between revisions)
| Line 11: | Line 11: | ||
There are two solutions: | There are two solutions: | ||
| - | * Explicitly list all IP's from the class C in ''access'' with a right-hand side value of ''RELAY''. | + | * Explicitly list all IP's allowed relay access from the class C in ''access'' with a right-hand side value of ''RELAY''. |
* List the IP's that are not allowed relay access in ''access'' with a right-hand side value of ''OK''. | * List the IP's that are not allowed relay access in ''access'' with a right-hand side value of ''OK''. | ||
Current revision
Situation: We allow relaying for a class C network in sendmail's access database, but want to prevent a few IP's (e.g., 192.168.1.100 and 192.168.1.101) in the class C from relaying mail.
e.g., /etc/mail/access:
192.168.1 RELAY
# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay returns: relay
There are two solutions:
- Explicitly list all IP's allowed relay access from the class C in access with a right-hand side value of RELAY.
- List the IP's that are not allowed relay access in access with a right-hand side value of OK.
e.g., /etc/mail/access:
192.168.1. RELAY 192.168.1.100 OK 192.168.1.101 OK
# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay returns: ok
From cf/README:
OK Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable.
"Accept" does not mean "relay", but at most acceptance for local recipients. That is, OK allows less than RELAY.
