From owner-freebsd-questions  Thu Dec 30 13:58:31 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
	by hub.freebsd.org (Postfix) with ESMTP id 2264914C1A
	for <freebsd-questions@FreeBSD.ORG>; Thu, 30 Dec 1999 13:58:29 -0800 (PST)
	(envelope-from mw@theatre.sax.de)
Received: (from uucp@localhost)
	by sax.sax.de (8.9.3/8.9.3) with UUCP id WAA28498;
	Thu, 30 Dec 1999 22:58:12 +0100 (CET)
Received: by theatre.sax.de (8.9.3/8.6.12-s1)
	id WAA63576; Thu, 30 Dec 1999 22:55:34 +0100 (CET)
Date: Thu, 30 Dec 1999 22:55:34 +0100
From: Martin Welk <mw@theatre.sax.de>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: John <papalia@UDel.Edu>, Jim Conner <jconner@enterit.com>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: Wrapping Sendmail [was: Re: DNS Setup]
Message-ID: <19991230225533.C63036@theatre.sax.de>
References: <4.1.19991219141354.00957160@mail.udel.edu> <86563.945689682@axl.noc.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <86563.945689682@axl.noc.iafrica.com>; from sheldonh@uunet.co.za on Mon, Dec 20, 1999 at 01:34:42PM +0200
Organization: Private UUCP/Usenet site.
X-Operating-System: FreeBSD http://www.freebsd.org/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Dec 20, 1999 at 01:34:42PM +0200, Sheldon Hearn wrote:

> Using TCP Wrappers for sendmail is only really useful for special cases,
> for example for relay-only hosts that don't accept incoming connections,
> or hosts that only accept incoming connections from a limited number of
> mail gateways.

IP based mail filtering is in the most scenarios only a solution for the
worst case, constant attacks or tries on your mailer daemon or denial of
service attacks. Instead, you should read the sendmail documentation for
prevention against misusing your mailer and filtering e-mail. First of
all, don't permit relaying for domains and/or hosts you don't to relay for.
This is the default for sendmail starting with version 8.9.x and it checks
the DNS MX records if your host is a valid MX for a domain and decided by
this, if it takes the mail or not.

You can also include several black lists into sendmail from projects that
collect data about repeating SPAM from hosts so you can at least include
well-known spammer sites to block them from yours.

We did so at a private ISP I do administration work for, and it reduced our
non-wanted crap to almost nothing.

Regards,

Martin
-- 
 /| /|        | /| /            ,,You know, there's a lot of opportunities,
/ |/ | artin  |/ |/ elk                     if you're knowing to take them,
                                  you know, there's a lot of opportunities,
Freiberg/Saxony, Germany                 if there aren't you can make them,
mw@sax.de / mw@theatre.sax.de          make or break them!'' (Tennant/Lowe)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message