Disabling sendmail relay access for certain IPs

From Brandonhutchinson.com


Situation: We allow relaying for a class C network in sendmail's access database, but want to prevent a few IPs in that network (e.g., 192.168.1.100 and 192.168.1.101) from relaying mail.

e.g., /etc/mail/access:

192.168.1 RELAY

# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: relay

There are two solutions:

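  • Explicitly list every IP in the class C that is allowed relay access in access with a right-hand side value of RELAY, instead of listing the whole network.
  • List the IPs that are not allowed relay access in access with a right-hand side value of OK. sendmail looks up the full client address before the shorter network prefix, so the host entry takes precedence over the network's RELAY entry.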

e.g., /etc/mail/access:

192.168.1 RELAY
192.168.1.100 OK
192.168.1.101 OK

# sendmail -bt
> .D{192.168.1.100}
> Start,check_relay $| 192.168.1.100
...
check_relay      returns: ok
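
The lookup order behind the second solution, as an added example that is not part of the original page or of sendmail itself: a simplified Python model of how an IPv4 client address is matched against untagged access keys, full address first and then with octets dropped from the right. The function names and the sample table are assumptions made for illustration; tagged keys such as Connect: and other ways of granting relaying are not modelled.

```python
"""Simplified model of sendmail's access lookup for IPv4 clients (untagged keys only)."""

def parse_access(text):
    """Parse access-file text into {key: rhs}; blank and '#' lines are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        table[fields[0].lower()] = fields[1].strip()
    return table

def lookup(table, ip):
    """Return (matched_key, rhs) for the most specific entry, else (None, None)."""
    parts = ip.split(".")
    while parts:
        key = ".".join(parts)      # 192.168.1.100, then 192.168.1, 192.168, 192
        if key in table:
            return key, table[key]
        parts.pop()
    return None, None

def may_relay(table, ip):
    """In this model only a RELAY result grants relaying; OK does not."""
    return lookup(table, ip)[1] == "RELAY"

def relay_exceptions(table, network):
    """Host keys under `network` whose own entry overrides the network entry."""
    prefix = network + "."
    return sorted(k for k, v in table.items()
                  if k.startswith(prefix) and v != "RELAY")

# Constructed sample mirroring the second access file on this page.
SAMPLE = """\
192.168.1       RELAY
192.168.1.100   OK
192.168.1.101   OK
"""

if __name__ == "__main__":
    table = parse_access(SAMPLE)
    for ip in ("192.168.1.100", "192.168.1.50", "10.0.0.1"):
        key, rhs = lookup(table, ip)
        print(f"{ip:15} matched={key} rhs={rhs} relay={may_relay(table, ip)}")
    print("exceptions:", relay_exceptions(table, "192.168.1"))
```

Running it against a copy of the access file before rebuilding the map shows which hosts fall under a network RELAY entry and which are carved out of it.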

From cf/README:

OK	Accept mail even if other rules in the running ruleset would reject it, for example, if the domain name is unresolvable.
       "Accept" does not mean "relay", but at most acceptance for local recipients. That is, OK allows less than RELAY.