From owner-freebsd-security Wed Aug 13 07:46:57 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id HAA20805
          for security-outgoing; Wed, 13 Aug 1997 07:46:57 -0700 (PDT)
Received: from netrail.net (netrail.net [205.215.10.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA20794
          for ; Wed, 13 Aug 1997 07:46:51 -0700 (PDT)
Received: from localhost (jonz@localhost)
          by netrail.net (8.8.6/8.8.6) with SMTP id KAA09621;
          Wed, 13 Aug 1997 10:45:38 GMT
Date: Wed, 13 Aug 1997 10:45:38 +0000 (GMT)
From: "Jonathan A. Zdziarski"
To: "az.com"
cc: security@FreeBSD.ORG
Subject: Re: sendmail 553
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I just use rule 96 to keep us from allowing anybody outside us to send
mail through us

F{LocalIP}/etc/LocalIP

S96

# handle special cases for local names
R$* < @ localhost > $*		$: $1 < @ $j . > $2		no domain at all
R$* < @ localhost . $m > $*	$: $1 < @ $j . > $2		local domain
R$* < @ localhost . UUCP > $*	$: $1 < @ $j . > $2		.UUCP domain
R$* < @ [ $+ ] > $*		$: $1 < @@ [ $2 ] > $3		mark [a.b.c.d]
R$* < @@ $=w > $*		$: $1 < @ $j . > $3		self-literal
R$* < @@ $+ > $*		$@ $1 < @ $2 > $3		canon IP addr

-------------------------------------------------------------------------
Jonathan A. Zdziarski                      NetRail Incorporated
Server Engineering Manager                 230 Peachtree St. Suite 500
jonz@netrail.net                           Atlanta, GA 30303
http://www.netrail.net                     (888) - NETRAIL
-------------------------------------------------------------------------

On Tue, 12 Aug 1997, az.com wrote:

:
:Has anyone added the external gateway refusal modifications to sendmail's
:checkcompat(to, e) function? (dsn 5.1.7, sendmail 553)
:
:This lets some hijacking through and shouldn't:
:
:do
:{
:
:    if (strcmp(to->q_mailer, "local") != 0 )
:
:    {
:        usrerr("553 Gateway access denied.");
:        to->q_status = "5.7.1";
:        return (EX_UNAVAILABLE);
:    }
:
:} while (to = to->q_next);
:
:    return (EX_OK);
:}
:
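
Added example (not part of either message, and not sendmail source): a self-contained C model of the relay decision discussed in this thread, in which clients on a local address list may send anywhere and outside clients may reach only recipients handled by the "local" mailer. The struct layouts, the m_name field, relay_check(), the prefix list and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sysexits.h>

/* Hypothetical stand-ins for sendmail's mailer and address records; only the
   fields this check reads are modelled (m_name is an assumed field name). */
struct mailer  { const char *m_name; };
struct address {
    struct mailer  *q_mailer;   /* delivery agent chosen for this recipient */
    const char     *q_status;   /* DSN status, set when the recipient is refused */
    struct address *q_next;     /* next recipient on the envelope */
};

/* Constructed sample of a local-address list. Each prefix ends in '.' so
   that "10.1." cannot match the outside address "10.10.0.1". */
static const char *local_prefixes[] = { "192.0.2.", "10.1.", NULL };

static int client_is_local(const char *client_ip)
{
    for (int i = 0; local_prefixes[i] != NULL; i++)
        if (strncmp(client_ip, local_prefixes[i], strlen(local_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Relay decision for one envelope. A NULL client_ip models a message
   submitted on the host itself and is treated as local (assumption). */
int relay_check(const char *client_ip, struct address *to)
{
    if (client_ip == NULL || client_is_local(client_ip))
        return EX_OK;
    for (; to != NULL; to = to->q_next) {
        if (to->q_mailer == NULL || strcmp(to->q_mailer->m_name, "local") != 0) {
            to->q_status = "5.7.1";     /* caller would answer 553 */
            return EX_UNAVAILABLE;
        }
    }
    return EX_OK;
}

int main(void)
{
    struct mailer local_m = { "local" }, smtp_m = { "esmtp" };
    struct address remote = { &smtp_m, NULL, NULL };
    struct address first = { &local_m, NULL, &remote };
    printf("inside client:  %d\n", relay_check("192.0.2.25", &first));
    printf("outside client: %d\n", relay_check("10.10.0.1", &first));
    return 0;
}
```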