From owner-freebsd-questions  Wed Jan 28 16:36:20 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA00185
          for questions-outgoing; Wed, 28 Jan 1998 16:36:20 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from awfulhak.org (awfulhak.demon.co.uk [158.152.17.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00169
          for <questions@freebsd.org>; Wed, 28 Jan 1998 16:36:07 -0800 (PST)
          (envelope-from brian@Awfulhak.org)
Received: from gate.lan.awfulhak.org (localhost [127.0.0.1])
	by awfulhak.org (8.8.7/8.8.7) with ESMTP id VAA09743;
	Wed, 28 Jan 1998 21:18:01 GMT
	(envelope-from brian@gate.lan.awfulhak.org)
Message-Id: <199801282118.VAA09743@awfulhak.org>
X-Mailer: exmh version 2.0.1 12/23/97
To: Cliff Addy <fbsdlist@federation.addy.com>
cc: questions@FreeBSD.ORG
Subject: Re: Stopping mail relaying (again) 
In-reply-to: Your message of "Wed, 28 Jan 1998 08:23:23 EST."
             <Pine.BSF.3.95q.980128081607.19174A-100000@federation.addy.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 28 Jan 1998 21:18:01 +0000
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

> According to the anti-relaying stuff on sendmail.org, this will stop
> relaying if placed in sendmail.cf:
> 
>    #LOCAL_CONFIG
>    FR-o /etc/sendmail.cf.relays
> 
>    #LOCAL_RULESETS
>    Scheck_rcpt
>    # anything terminating locally is ok
>    R< $+ @ $=w >  $@ OK
>    R< $+ @ $=R >  $@ OK
> 
>    # anything originating locally is ok
>    R$*    $: $(dequote "" $&{client_name} $)
>    R$=w   $@ OK
>    R$=R   $@ OK
>    R$@    $@ OK
> 
>    # anything else is bogus
>    R$*    $#error $: "550 Relaying Denied"
> 
> My question is:  is it checking the machine name that's making the smtp
> connection to you or just the To: and From: headers?  In other words, if I
> place "abc.com" into the sendmail.cf.relays file, will a user dialed into
> the ISP "def.com" be able to relay as long as his copy of Netscape has
> "joe_user@abc.com" as the return address?  Or will it get rejected because
> sendmail sees the connection is coming from "dialup247.def.net"?

check_rcpt just checks the recipient address - ie, the "RCPT" bit of 
the protocol.

If you want to block based on the connecting machine name or IP 
number, use the check_relay ruleset (it gets passed the connecting 
name and IP number separated by ``$|''.

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....