From owner-freebsd-questions@FreeBSD.ORG Wed Jan 23 17:27:05 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0879B16A418 for ; Wed, 23 Jan 2008 17:27:05 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 3570313C455 for ; Wed, 23 Jan 2008 17:27:03 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.2/8.14.2) with ESMTP id m0NHQqcE005188; Wed, 23 Jan 2008 17:26:53 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.4.3 smtp.infracaninophile.co.uk m0NHQqcE005188 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=infracaninophile.co.uk; s=200708; t=1201109213; bh=jmpkmCJ2lmv8Dh WBCd/VQHmPWdcZvy/8B0CwAo4wNEI=; h=Message-ID:Date:From:Organization: User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To: X-Enigmail-Version:Content-Type:Content-Transfer-Encoding:Cc: Content-Type:Date:From:In-Reply-To:Message-ID:Mime-Version: References:To; z=Message-ID:=20<479778DC.3090803@infracaninophile. co.uk>|Date:=20Wed,=2023=20Jan=202008=2017:26:52=20+0000|From:=20Ma tthew=20Seaman=20|Organization:=20 Infracaninophile|User-Agent:=20Thunderbird=202.0.0.9=20(X11/2008012 2)|MIME-Version:=201.0|To:=20Agus=20|CC:=20Lowe ll=20Gilbert=20,=20=0D=0A= 20freebsd-questions=20|Subject:=20Re :=20Sendmail=20local=20only.....|References:=20=09<44ir1l4iqq.fsf@be-well .ilk.org>=09=20|In-Reply-To:=20|X-Enigmail-Version:=200.95.0|Content-Type:=20text/plain =3B=20charset=3DISO-8859-1|Content-Transfer-Encoding:=207bit; b=nZX ugx1ufNybg0zeHJBqKSOpRtg58VOo013SNMxgfprru/rWpaY0Yn/BkrR9wa5m957hhT CNc/zH7K06VnL3/MFg4qHTBaZ0OgRSEvH6lKNzx1fNZZOPaw+AoL5moeZOCGeAzz9yd 7TtVaZuB+hb1hi85OIIT5iVGR1cgUEk1Og= Message-ID: <479778DC.3090803@infracaninophile.co.uk> Date: Wed, 23 Jan 2008 17:26:52 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.9 (X11/20080122) MIME-Version: 1.0 To: Agus References: <44ir1l4iqq.fsf@be-well.ilk.org> In-Reply-To: X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Wed, 23 Jan 2008 17:26:53 +0000 (GMT) X-Virus-Scanned: ClamAV 0.92/5531/Wed Jan 23 10:32:09 2008 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.4 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on happy-idiot-talk.infracaninophile.co.uk Cc: Lowell Gilbert , freebsd-questions Subject: Re: Sendmail local only..... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jan 2008 17:27:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Agus wrote: > Maybe i wasnt clear...but with the options you gave me Giorgos i still can > send email from localhost to external servers like hotmail for instance, > through telnet.....I want to disable this, so it can only send mails to > local accounts.... > This is because this will be an open server with ssh access, so anyone with > access will be able to send mails to everywhere, so i dont want this to > happen.... Hmm... It's actually pretty hard to stop an MTA from being able to send e-mail, given that is what it is designed to do. A quick fix would be to use the firewall on the box to block connection to port 25 outgoing. Eg. with pf(4): block log out on $ext_if proto tcp \ from any to any port smtp However this will lead to outgoing messages clogging up the mail spool typically for five days, instead of being immediately rejected. You could try a custom sendmail configuration without the SMTP mailer - -- just delete the line saying: MAILER(smtp) at the end of `hostname`.mc and generate a sendmail .cf file in the usual way (ie. 'make all install') I am however not at all sure that even works -- sendmail documentation basically says the smtp mailer is mandatory. Another approach worth trying would be to use a wildcard mailertable entry that redirects any mail back to root the local machine: localhost local: your.host.name local: . local:root or replace the last line with: . error:Mail to external sites not allowed in order to reject the message instantly. This is all untried, so no guarantees of success, but experimenting along one or more of those lines should achieve what you want. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHl3jc8Mjk52CukIwRCNBvAJ941ZEAs+RnO7r0MR4S7wYH91oMWACeM01a pGXYxBKLwcqgybnT1l1Cb1E= =3A0Z -----END PGP SIGNATURE-----