On 5/22/07, Rob <[EMAIL PROTECTED]> wrote:
Doug Hardie wrote:
> On May 22, 2007, at 10:46, Maxim Khitrov wrote:
>>> > # Deny sendmail to all clients (temporary)
>>> > sendmail : all : deny
> tcp wrappers must be coded into the application. The call which
> actually checks the access permissions in the hosts.allow file is
> hosts_access() (see man hosts_access). Checking through the sendmail

I have to disagree with that. I run unmodified 8.13.8 on 6.2, and it
DOES respect hosts.allow. Just not in the way you might assume.

I can telnet to port 25, it allows connections from *anywhere*, and will
respond to a HELO. It's not until I give it a "mail to:" that it protests
with "550 5.0.0 Access denied". I use "FEATURE(delay_checks)" in the cf
file, which may have some effect on this.

The log file shows:

May 22 14:56:47 cartman sm-mta[74026]: l4MIullh074026: tcpwrappers (unknown, 192.31.130.140) rejection

The actual options & version look like:

$ sendmail -bp -d0.1
Version 8.13.8
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG

$ uname -rms
FreeBSD 6.2-RELEASE i386

-RW

You know, I could have sworn that I checked actually sending the
message through telnet yesterday with the deny rule in place. You're
right though, it fails right after I give it mail from command. Guess I
didn't keep good track of what I was checking each time.

Do you know if there is a reason they chose to do it this way? Accept
the connection, but don't allow the client to do anything with it? I
didn't find FEATURE(delay_checks) in any of my cf files, so I think
it's something else. Well at any rate, thanks for your help.

- Max
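
An added example, not part of the original thread: since the deny rule only shows up after the connection is accepted, the maillog is the place to confirm it is working, and this Python sketch parses the `tcpwrappers (name, addr) rejection` entry format quoted above and tallies rejected clients. Only the first sample line comes from the thread; the other log lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Sample maillog text. The first line is the entry quoted in the thread;
# the remaining lines are constructed for this example.
SAMPLE_LOG = """\
May 22 14:56:47 cartman sm-mta[74026]: l4MIullh074026: tcpwrappers (unknown, 192.31.130.140) rejection
May 22 14:57:02 cartman sm-mta[74031]: l4MIv2aa074031: tcpwrappers (mail.example.org, 192.0.2.25) rejection
May 22 14:57:40 cartman sm-mta[74040]: l4MIveQx074040: from=<a@example.org>, size=812, nrcpts=1
May 22 14:58:11 cartman sm-mta[74052]: l4MIwBcd074052: tcpwrappers (unknown, 192.31.130.140) rejection
"""

# syslog prefix, queue id, then "tcpwrappers (<name>, <addr>) rejection"
REJECT_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s\S+\s[\w-]+\[\d+\]:\s"
    r"(?P<qid>\w+):\stcpwrappers \((?P<name>[^,]+), (?P<addr>[^)]+)\) rejection\s*$"
)

def parse_rejections(log_text):
    """Return one dict per tcpwrappers rejection entry, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return hits

def rejections_by_address(hits):
    """Count rejections per client address."""
    return Counter(h["addr"] for h in hits)

def unresolved_clients(hits):
    """Addresses whose entries carry the client name 'unknown'."""
    return sorted({h["addr"] for h in hits if h["name"] == "unknown"})

if __name__ == "__main__":
    hits = parse_rejections(SAMPLE_LOG)
    for addr, count in rejections_by_address(hits).most_common():
        print(f"{addr:15}  {count} rejection(s)")
    print("logged as unknown:", ", ".join(unresolved_clients(hits)))
```
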
