From owner-freebsd-questions@freebsd.org Wed Jan 4 13:20:02 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1AECC9E85C for ; Wed, 4 Jan 2017 13:20:02 +0000 (UTC) (envelope-from bah@bananmonarki.se) Received: from feeder.usenet4all.se (1-1-1-38a.far.sth.bostream.se [82.182.32.53]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 51C121A37 for ; Wed, 4 Jan 2017 13:20:00 +0000 (UTC) (envelope-from bah@bananmonarki.se) Received: from testbox.news4all.se (testbox.usenet4all.se [10.0.0.3]) by feeder.usenet4all.se (8.13.1/8.13.1) with ESMTP id v04DJunB043789; Wed, 4 Jan 2017 14:19:56 +0100 (CET) (envelope-from bah@bananmonarki.se) Subject: Re: Sendmail on freebsd To: Ian Smith References: <20170104232802.Y26979@sola.nimnet.asn.au> Cc: freebsd-questions@freebsd.org From: Bernt Hansson Message-ID: <01675719-f581-9fae-f242-06cebac424be@bananmonarki.se> Date: Wed, 4 Jan 2017 14:19:56 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0 MIME-Version: 1.0 In-Reply-To: <20170104232802.Y26979@sola.nimnet.asn.au> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jan 2017 13:20:03 -0000 On 2017-01-04 14:06, Ian Smith wrote: > In freebsd-questions Digest, Vol 657, Issue 5, Message: 18 > On Wed, 4 Jan 2017 08:26:48 +0100 Bernt Hansson wrote: > > Hello list! > > > > Have a question or more about /etc/mail/access. > > > > Is this list appropiatefor this kind of question? > > I don't see why not. > > > If not, please point me in the right direction. > > > > If i put this in /etc/mail/access > > > > com REJECT > > > > Does that reject all domains that contain com > > or just TLD com. > > The latter, BUT unless things have changed, you need to specify what > kind of header it appears in, e.g (and yes, these are real entries): > > Connect:xyz REJECT > From:xyz REJECT > > The former rejects all mail 'Received: from' any hostname *.xyz > The latter rejects mail with 'envelope-from' any address@*.xyz > > For example, this (digest) message had first headers of: > > Return-Path: > Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116]) > by xxxx.nimnet.asn.au (x.yy.z/x.yy.z) with ESMTP id v04C0M0x055062 > for ; Wed, 4 Jan 2017 23:00:28 +1100 (EST) > (envelope-from owner-freebsd-questions@freebsd.org) > > Return-Path: is often, usually, but NOT always = envelope-from > > Connect:mx2.freebsd.org ACCEPT > would accept all mail 'Received: from' hostname mx2.freebsd.org > > From:freebsd.org ACCEPT > would accept mail from or _claiming_ to be from any address@freebsd.org > > That is: envelope-from addresses, as most other headers, can be forged, > whereas Connect: hostnames are returned by DNS lookup on the IP address, > and generally speaking can be relied upon - if your DNS server can be :) > > cheers, Ian > Well, that does not answer my question, or my question is not quite right. Have this in access romtelecom.net REJECT Would sendmail reject that based on com REJECT /B