| Or did you mean that only one external IP should be able to send e-mail to
| your own local domain??? That would sound a little bit strange. So I do not
| assume that..
Actually, yes. The only smtp connections to this mta should be from my
antispam gateway. Some spammers are bypassing what my MX records state
by using old MX data from a year ago to get around the anti-spam
gateway which is what the current MX points to of course.
I know I could do this in PF, but because of 'political' issues this
machine can't run a firewall.
So, I am looking to find out how to do it entirely within sendmail. I've
tried doing..
*.* REJECT
spamd.mydomain.com OK
..but that doesn't seem to do it.
Thanks,
Mike
Paul de Weerd wrote:
On Fri, May 26, 2006 at 12:37:04AM +0200, Per-Olov Sjöholm wrote:
| > I would like to accept mail from only one specified SMTP server
| > and reject all others. I tried '*.* REJECT' in /etc/mail/access
| > but that doesn't seem to work.
| >
| > Mike Spenard
|
| Change to...
| X.Y.Z.W RELAY
| in /etc/mail/access and rebuild the access.db (where X.Y.Z.W is the good IP).
| This means this IP is the only one that can relay anything through you. All
| other IP:s can mail to your domains in /etc/mail/local-host-names if you have
| any. If they connect and try anything else than your local domain they will
| see "relaying denied".
|
| If you have a pretty default sendmail config (except for the enabling of
| "access") you can consider the mission completed.
|
|
| Or did you mean that only one external IP should be able to send e-mail to
| your own local domain??? That would sound a little bit strange. So I do not
| assume that..
May be a bit strange, but at my previous employer this was a common
setup for our customers. I'd recommend using pf if this is what you
want to do :
table <MXen> persist { $IP_1, $IP_2, $IPv6_1 }
block in log on $IF proto tcp from any to any port smtp
pass in on $IF proto tcp from <MXen> to any port smtp keep state
But remember what Per-Olov said - this is most likely NOT what you
want (it could, however, be an answer to your question if interpreted
the right way).
Cheers,
Paul 'WEiRD' de Weerd
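
A check for whether direct-to-MTA deliveries are still getting through, as an added example that is not part of the original thread: it scans sendmail log lines for inbound messages whose connecting peer is not the anti-spam gateway. The gateway address 192.0.2.10, the log lines and the function name are constructed for illustration, and the layout assumed is sendmail's usual `from=..., relay=...` log syntax.

```python
import ipaddress
import re

# Assumed gateway address (documentation range), standing in for the thread's X.Y.Z.W.
GATEWAY_IPS = {ipaddress.ip_address("192.0.2.10")}

# Inbound messages are logged on "from=" lines; the peer appears as relay=name [addr],
# relay=[addr] or relay=[IPv6:addr]. Local submissions have no bracketed address.
FROM_LINE = re.compile(r"\]: (?P<qid>\w+): from=(?P<sender><[^>]*>|[^,]*),.*\brelay=(?P<relay>.*)$")
BRACKET_ADDR = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = """\
May 26 00:40:01 mail sm-mta[2198]: k4PMe1aa002198: from=<alice@example.org>, size=1822, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=spamd.mydomain.com [192.0.2.10]
May 26 00:41:07 mail sm-mta[2211]: k4PMf7aa002211: from=<promo@example.net>, size=2301, class=0, nrcpts=1, msgid=<2@example.net>, proto=SMTP, daemon=MTA, relay=[198.51.100.23]
May 26 00:41:09 mail sm-mta[2213]: k4PMf9aa002213: to=<mike@mydomain.com>, delay=00:00:02, mailer=local, pri=32301, dsn=2.0.0, stat=Sent
May 26 00:43:30 mail sm-mta[2230]: k4PMhUaa002230: from=<root@mail.mydomain.com>, size=410, class=0, nrcpts=1, msgid=<3@mail.mydomain.com>, relay=root@localhost
May 26 00:44:12 mail sm-mta[2241]: k4PMiCaa002241: from=<x@example.com>, size=990, class=0, nrcpts=1, msgid=<4@example.com>, proto=ESMTP, daemon=MTA, relay=host.example.com [IPv6:2001:db8::25] (may be forged)
""".splitlines()


def direct_deliveries(log_lines, allowed=GATEWAY_IPS):
    """Return (queue_id, sender, peer_ip) for inbound mail that did not come via the gateway."""
    hits = []
    for line in log_lines:
        m = FROM_LINE.search(line)
        if not m:
            continue  # not an inbound "from=" record (e.g. a "to=" delivery line)
        addr = BRACKET_ADDR.search(m.group("relay"))
        if not addr:
            continue  # local submission such as relay=root@localhost
        try:
            peer = ipaddress.ip_address(addr.group(1))
        except ValueError:
            continue  # bracketed text that is not a valid address
        if peer.is_loopback or peer in allowed:
            continue
        hits.append((m.group("qid"), m.group("sender"), str(peer)))
    return hits


if __name__ == "__main__":
    for qid, sender, peer in direct_deliveries(SAMPLE_LOG):
        print(f"{qid}: {sender} delivered directly from {peer}")
```

An empty result over a day's log indicates that only the gateway is reaching the MTA; any hit names the queue ID and peer to investigate.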