From owner-freebsd-questions@FreeBSD.ORG Tue May 22 19:26:26 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 008C016A469 for ; Tue, 22 May 2007 19:26:25 +0000 (UTC) (envelope-from r17fbsd@xxiii.com) Received: from cartman.xxiii.com (cartman.xxiii.com [208.62.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id A39ED13C46E for ; Tue, 22 May 2007 19:26:25 +0000 (UTC) (envelope-from r17fbsd@xxiii.com) Received: from [172.23.23.190] (lan23.xxiii.com [208.62.177.50]) by cartman.xxiii.com (8.13.8/8.13.8) with ESMTP id l4MJD5RQ074241 for ; Tue, 22 May 2007 15:13:05 -0400 (EDT) (envelope-from r17fbsd@xxiii.com) Message-ID: <465340C0.3040705@xxiii.com> Date: Tue, 22 May 2007 15:13:04 -0400 From: Rob User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: FreeBSD Questions References: <26ddd1750705211537j78ed83fdm921f7f5e5df5c4@mail.gmail.com> <20070522105732.A2743@erienet.net> <26ddd1750705220837n141787fdh6167c0cb07a8396f@mail.gmail.com> <20070522121629.X86945@fledge.watson.org> <26ddd1750705221046m543c427ahf9c73878d14f6e2a@mail.gmail.com> <9355E7E0-1B92-40A1-BDB2-D17FD1815814@lafn.org> In-Reply-To: <9355E7E0-1B92-40A1-BDB2-D17FD1815814@lafn.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Sendmail ignores hosts.allow X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2007 19:26:26 -0000 Doug Hardie wrote: > On May 22, 2007, at 10:46, Maxim Khitrov wrote: >>> > # Deny sendmail to all clients (temporary) >>> > sendmail : all : deny > tcp wrappers must be coded into the application. The call which > actually checks the access permissions in the hosts.allow file is > hosts_access() (see man hosts_access). Checking through the sendmail I have to disagree with that. I run unmodified 8.13.8 on 6.2, and it DOES respect hosts.allow. Just not in the way you might assume. I can telnet to port 25, it allows connections from *anywhere*, and will respond to a HELO. It's not until I give it a "mail to:" that it protests with "550 5.0.0 Access denied". I use "FEATURE(delay_checks)" in the cf file, which may have some effect on this. The log file shows: May 22 14:56:47 cartman sm-mta[74026]: l4MIullh074026: tcpwrappers (unknown, 192.31.130.140) rejection The actual options & version look like: $ sendmail -bp -d0.1 Version 8.13.8 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG $ uname -rms FreeBSD 6.2-RELEASE i386 -RW