From owner-freebsd-questions Mon Jun 1 19:01:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA07334 for freebsd-questions-outgoing; Mon, 1 Jun 1998 19:01:19 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from typeline.com (www.typeline.com [209.116.143.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA07184 for ; Mon, 1 Jun 1998 19:00:52 -0700 (PDT) (envelope-from rjb@typeline.com) Received: from typeline.com (usr5-07.pat.nj.webspan.net [206.154.92.99]) by typeline.com (8.8.7/8.8.7) with ESMTP id VAA06625; Mon, 1 Jun 1998 21:59:22 -0400 (EDT) (envelope-from rjb@typeline.com) Message-ID: <35735ACB.FF8688D1@typeline.com> Date: Mon, 01 Jun 1998 21:52:12 -0400 From: Bob Badaracco X-Mailer: Mozilla 4.05 [en] (Win95; I) MIME-Version: 1.0 To: Dima Dorfman CC: freebsd-questions@FreeBSD.ORG Subject: Re: Restricting mail server access References: <199806012342.TAA13457@nwalme.pair.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >From what I'm reading, tcp_wrappers are the way to go. You get access control and a nice layer of security with very little effort. Dima Dorfman wrote: > > Our mail server is running the latest version of Sendmail under FreeBSD > > version 8.9.0? > > > along with qpopper > > as the POP3 mail server. We have 10 local accounts on this server and > > would like to restrict > > external access all together or from specific domains. In other words we > > > > don't want our employees using our mail server address in their browsers > > > > to access company email accounts from their personal > > ISP connection. > > > > I've read most of the Sendmail FAQ's and most of the FreeBSD docs > > here but don't have a clue > > how to handle this. > > > > Sendmail can handle this. Disabling relaying will disallow anyone to use > your SMTP server to send mail unless it's to your domain. See > http://www.sendmail.org/m4/anti-spam.html for details. I don't know about > QPopper. > > Another solutions will be to enable a firewall, and disallow anythng on > port 25 and 110 outside your IP network (or whereever else your employees > are). > > Hope this helps :-) > > > > > > > Content-Description: Card for Bob Badaracco > > [Attachment, skipping...] > > -- > Dima Dorfman (dima@zwb.net) > > "640k ought to be enough for anybody." - Bill Gates, 1981 > Micro$oft Sucks! FreeBSD Rules! http://www.freebsd.org/ > > Finger dima@zwb.net for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message