Disabling sendmail relay access for certain IPs

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
Current revision (18:54, 4 October 2007) (edit) (undo)
 
Line 11: Line 11:
There are two solutions:
There are two solutions:
-
* Explicitly list all IP's from the class C in ''access'' with a right-hand side value of ''RELAY''.
+
* Explicitly list all IP's allowed relay access from the class C in ''access'' with a right-hand side value of ''RELAY''.
* List the IP's that are not allowed relay access in ''access'' with a right-hand side value of ''OK''.
* List the IP's that are not allowed relay access in ''access'' with a right-hand side value of ''OK''.

Current revision

Situation: We allow relaying for a class C network in sendmail's access database, but want to prevent a few IP's (e.g., 192.168.1.100 and 192.168.1.101) in the class C from relaying mail.

e.g., /etc/mail/access:

192.168.1 RELAY
# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: relay

There are two solutions:

  • Explicitly list all IP's allowed relay access from the class C in access with a right-hand side value of RELAY.
  • List the IP's that are not allowed relay access in access with a right-hand side value of OK.

e.g., /etc/mail/access:

192.168.1. RELAY
192.168.1.100 OK
192.168.1.101 OK
# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: ok

From cf/README:

OK	Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable.
       "Accept" does not mean "relay", but at most acceptance for local recipients. That is, OK allows less than RELAY.
Personal tools