Date: Wed, 28 Jan 1998 21:18:01 +0000 From: Brian Somers <brian@Awfulhak.org> To: Cliff Addy <fbsdlist@federation.addy.com> Cc: questions@FreeBSD.ORG Subject: Re: Stopping mail relaying (again) Message-ID: <199801282118.VAA09743@awfulhak.org> In-Reply-To: Your message of "Wed, 28 Jan 1998 08:23:23 EST." <Pine.BSF.3.95q.980128081607.19174A-100000@federation.addy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> According to the anti-relaying stuff on sendmail.org, this will stop
> relaying if placed in sendmail.cf:
>
> #LOCAL_CONFIG
> FR-o /etc/sendmail.cf.relays
>
> #LOCAL_RULESETS
> Scheck_rcpt
> # anything terminating locally is ok
> R< $+ @ $=w > $@ OK
> R< $+ @ $=R > $@ OK
>
> # anything originating locally is ok
> R$* $: $(dequote "" $&{client_name} $)
> R$=w $@ OK
> R$=R $@ OK
> R$@ $@ OK
>
> # anything else is bogus
> R$* $#error $: "550 Relaying Denied"
>
> My question is: is it checking the machine name that's making the smtp
> connection to you or just the To: and From: headers? In other words, if I
> place "abc.com" into the sendmail.cf.relays file, will a user dialed into
> the ISP "def.com" be able to relay as long as his copy of Netscape has
> "joe_user@abc.com" as the return address? Or will it get rejected because
> sendmail sees the connection is coming from "dialup247.def.net"?
check_rcpt just checks the recipient address - ie, the "RCPT" bit of
the protocol.
If you want to block based on the connecting machine name or IP
number, use the check_relay ruleset (it gets passed the connecting
name and IP number separated by ``$|''.
--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
<http://www.Awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801282118.VAA09743>