Date: Sun, 26 Apr 1998 18:01:23 -0400 (EDT)
From: Jay <jay@oneway.com>
To: Bill Vermillion <bill@bilver.magicnet.net>, Mosquito Net Admin Account <mosquito@itchy.mosquito.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: sendmail problems, part 2 -or- Relay access based on IP
Message-ID: <Pine.BSF.3.96.980426173639.14498C-100000@tidal.oneway.com>
In-Reply-To: <199804261538.LAA01761@bilver.magicnet.net>

> Well you need to give these IP's some numbers.  I just put the
> dynamically allocated range from the Livingston into the system -
> gave them names of du01.my.domain through du??? - meaning dialup 01
> through whatever.

I highly recommend getting the reverse DNS set up as it will no doubt help
with administration tasks... not to mention reducing emails saying 'someone
on YOUR netblock did bad stuff' rather than, 'a dialup user at
du101.somewhere.net seems to be...'

> Those are also in the sendmail.cR file.  I had to add about 500
> for an out of town client to map to their ISP dialup.  A pain but
> it works.

> There may be a better way.

I needed to do this recently for some netblocks that I had little control
over, etc... I wrote a short addition to the end of the anti-spam
check_rcpt ruleset that allows 'relaying' based on a file of IP/netblocks.
Here it is:

near where FR is:

FI-o /etc/relay.ips

in check_rcpt before the "$#error ...":

R$*	$: $(dequote "" $&{client_addr} $)
R$=I$*	$@ OK
R$@	$@ OK

This allows you to create a file, relay.ips, with netblocks and/or ips that
you allow to relay.  Eg:

206.206.
206.205.132.
206.205.131.191
206.205.131.192
206.205.131.193

This would allow all of the class-B 206.206.0.0 and all of the class C
206.205.132.0 to relay regardless of their reverse-dns.  It would also
allow the three specific hosts mentioned to relay.

NOTE: the trailing dot '.' is necessary on netblocks... or at least a
really really good idea.  (Say you enter 206.23 without a trailing dot.  It
would make 206.230.0.0 - 206.239.0.0 work as well... very likely an
undesired result.  Keep the dot ;) )

A better solution than this would be to set up the appropriate reverse-DNS,
as not having reverse-DNS will prohibit customers from ftp-ing to and
accessing some sites.  In those situations that you can't edit/predict DNS
info, this ruleset will do it for you.

As far as why your logs are showing IP's that shouldn't be in use... I
don't know...  My guess would be a misconfigured or misbehaving
portmaster/pri box.

Good Luck,
Jay K.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
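
Added example, not part of the original message: a Python check for a relay.ips file that lists the netblocks each entry would admit when entries are compared as plain string prefixes of the client address, which is the behaviour the note about the trailing dot describes. The function names and the SAMPLE list are assumptions made for this illustration, and the code does not reproduce sendmail's own class matching.

```python
import ipaddress

# Constructed sample: the relay.ips entries from the message plus the
# dot-less "206.23" entry that the NOTE warns about.
SAMPLE = ["206.206.", "206.205.132.", "206.205.131.191", "206.23"]


def covered_networks(entry):
    """Networks admitted if `entry` is compared as a plain string prefix."""
    parts = entry.split(".")
    *fixed, partial = parts
    if not entry or len(parts) > 4:
        raise ValueError(f"malformed entry: {entry!r}")
    if not all(p.isdigit() and int(p) <= 255 for p in fixed):
        raise ValueError(f"malformed entry: {entry!r}")
    if partial == "":
        # Trailing dot: the octets are complete, so exactly one block matches.
        candidates = [fixed]
    else:
        # No trailing dot: every octet whose decimal form starts with the
        # last field also matches ("23" -> 23 and 230..239).
        octets = [o for o in range(256) if str(o).startswith(partial)]
        if not octets:
            raise ValueError(f"malformed entry: {entry!r}")
        candidates = [fixed + [str(o)] for o in octets]
    nets = []
    for octs in candidates:
        addr = ".".join(octs + ["0"] * (4 - len(octs)))
        nets.append(ipaddress.ip_network(f"{addr}/{8 * len(octs)}"))
    return nets


def allowed(client_addr, entries):
    """True if any entry is a string prefix of the dotted-quad client address."""
    return any(client_addr.startswith(e) for e in entries)


def lint(entries):
    """Return (entry, networks) for every entry that admits more than one block."""
    findings = []
    for e in entries:
        nets = covered_networks(e)
        if len(nets) > 1:
            findings.append((e, nets))
    return findings


if __name__ == "__main__":
    for entry, nets in lint(SAMPLE):
        print(f"{entry!r} admits {len(nets)} blocks:", ", ".join(map(str, nets)))
```

Run it against the real file by passing the stripped, non-empty lines of /etc/relay.ips to lint() before reloading the configuration.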