Date: Wed, 23 Jan 2008 17:26:52 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Agus <agus.262@gmail.com> Cc: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>, freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Sendmail local only..... Message-ID: <479778DC.3090803@infracaninophile.co.uk> In-Reply-To: <fda61bb50801230844j726c256yd0a2280e4d685d9d@mail.gmail.com> References: <fda61bb50801221325p35aae924y116f74c2c026fa1c@mail.gmail.com> <44ir1l4iqq.fsf@be-well.ilk.org> <fda61bb50801230731o6ede28a6qfe373dfcab9f7299@mail.gmail.com> <fda61bb50801230844j726c256yd0a2280e4d685d9d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Agus wrote:
> Maybe i wasnt clear...but with the options you gave me Giorgos i still can
> send email from localhost to external servers like hotmail for instance,
> through telnet.....I want to disable this, so it can only send mails to
> local accounts....
> This is because this will be an open server with ssh access, so anyone with
> access will be able to send mails to everywhere, so i dont want this to
> happen....
Hmm... It's actually pretty hard to stop an MTA from being able to
send e-mail, given that is what it is designed to do.
A quick fix would be to use the firewall on the box to block connection
to port 25 outgoing. Eg. with pf(4):
block log out on $ext_if proto tcp \
from any to any port smtp
However this will lead to outgoing messages clogging up the mail spool
typically for five days, instead of being immediately rejected.
You could try a custom sendmail configuration without the SMTP mailer
- -- just delete the line saying:
MAILER(smtp)
at the end of `hostname`.mc and generate a sendmail .cf file in the
usual way (ie. 'make all install') I am however not at all sure that
even works -- sendmail documentation basically says the smtp mailer
is mandatory.
Another approach worth trying would be to use a wildcard mailertable
entry that redirects any mail back to root the local machine:
localhost local:
your.host.name local:
. local:root
or replace the last line with:
. error:Mail to external sites not allowed
in order to reject the message instantly. This is all untried, so
no guarantees of success, but experimenting along one or more of those
lines should achieve what you want.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHl3jc8Mjk52CukIwRCNBvAJ941ZEAs+RnO7r0MR4S7wYH91oMWACeM01a
pGXYxBKLwcqgybnT1l1Cb1E=
=3A0Z
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?479778DC.3090803>