SUMMARY: Deny SMTP connections from a certain IP/Domain

From: Tony Ching-Tung Wu (tonywu@cyberhause.com.tw)
Date: Thu Aug 22 1996 - 10:22:24 CDT


Thanks to the following people for reply.

Reto Lichtensteiger <rali@meitca.com>
Jochen Bern <bern@penthesilea.uni-trier.de>
Claus Assmann <ca@informatik.uni-kiel.de>
John Hall <jhall@sqi.com>
Reinhard Bertram <Reinhard.Bertram@KOM.th-darmstadt.de>
Dave Roberts <djr@saa-cons.co.uk>

The answer is TCP WRAPPER, Claus Assmann has the very detailed answer.
Thank you again !!

Regards,
Tony.
----------------------------------------------------------------------------
> I am wondering if it's possible to deny SMTP connections from a certain IP
> or Domain. We would like to prevent some local machines from sending
> emails through our mail server. We run ucb sendmail 8.7 series here. Is it
> possible to do that ?

Somthing like this?

4) How do I refuse e-mail from unwanted domains (users)?

If you have sendmail 8, you can do the following to refuse mails from
unwanted hosts/domains:

Put into ruleset 98 something like: (this is LOCAL_RULE_0 in your .mc file)
R$* < @$*$=K . > $* $#error $@ 5.7.1 $: "This domain is banned."
R$* < @$*$=K > $* $#error $@ 5.7.1 $: "This domain is banned."
And define a class K by:
FK /etc/banned.domains
In this file, you should put the names of the banned domains, e.g.,
moneyworld.com

If you want to specify the user(s) too, you have to replace the first
$* with the name or a match for a class.

Another possibility is to use tcp_wrappers. There is a patch
(avalailble at ftp.informatik.uni-kiel.de
/pub/sources/security/MIRROR.ftp.win.tue.nl/sendmail-tcpd.patch.gz) for
sendmail 8.7.5, which incorporates the functionality directly into
sendmail. Using this approach, you can define the access to your
sendmail daemon based on the rules available for tcp_wrappers.

If you have any corrections/additions/suggestions, please let me know.
These questions and answers are also available on
http://www.informatik.uni-kiel.de/%7Eca/email/english.html
which contains some more hints about sendmail.

Hope this help,

Claus Assmann



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:08 CDT