Date:      Sun, 26 Apr 1998 18:01:23 -0400 (EDT)
From:      Jay <jay@oneway.com>
To:        Bill Vermillion <bill@bilver.magicnet.net>, Mosquito Net Admin Account <mosquito@itchy.mosquito.com>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: sendmail problems, part 2 -or- Relay access based on IP 
Message-ID:  <Pine.BSF.3.96.980426173639.14498C-100000@tidal.oneway.com>
In-Reply-To: <199804261538.LAA01761@bilver.magicnet.net>

> Well you need to give these IP's some numbers.  I just put the
> dynamically allocated range from the Livingston into the system -
> gave them names of du01.my.domain through du??? - meaning dialup 01
> through whatever.

	I highly recommend getting the reverse DNS set up as it will no
doubt help with administration tasks... not to mention reducing emails
saying 'someone on YOUR netblock did bad stuff' rather than, 'a dialup
user at du101.somewhere.net seems to be...'  

> Those are also in the sendmail.cR file.   I had to add about 500
> for an out of town client to map to their ISP dialup.  A pain but
> it works.  
> There may be a better way.

I needed to do this recently for some netblocks that I had little control
over, etc...  I wrote a short addition to the end of the anti-spam
check_rcpt ruleset that allows 'relaying' based on a file of IP/netblocks.
Here it is:

near where FR is:
FI-o /etc/relay.ips

in check_rcpt before the "$#error ...":

R$*			$: $(dequote "" $&{client_addr} $)
R$=I$*			$@ OK
R$@			$@ OK


This allows you to create a file, relay.ips, with netblocks and/or IPs
that you allow to relay.  E.g.:

206.206.
206.205.132.
206.205.131.191
206.205.131.192
206.205.131.193

This would allow all of the class-B 206.206.0.0 and all of the class C
206.205.132.0 to relay regardless of their reverse-dns.  It would also
allow the three specific hosts mentioned to relay.  NOTE: the trailing dot
'.' is necessary on netblocks... or at least a really really good idea. 
(Say you enter 206.23 without a trailing dot.  It would make 206.230.0.0 -
206.239.0.0 work as well... very likely an undesired result.  Keep the dot
;) )

A better solution than this would be to set up the appropriate reverse-DNS
as not having reverse-DNS will prohibit customers from ftp-ing to and
accessing some sites.  In those situations that you can't edit/predict DNS
info, this ruleset will do it for you.

As far as why your logs are showing IP's that shouldn't be in use... I
don't know... My guess would be a misconfigured or misbehaving
portmaster/pri box.  

Good Luck,

Jay K.
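
The trailing-dot caveat above, as an added example that is not part of the original message: a small Python audit for a relay.ips file. It assumes the class match behaves as the message describes (a leading-string comparison against the client address); the function names and the sample file contents are constructed for illustration.

```python
# Constructed sample of /etc/relay.ips: entries from the message plus its
# own "206.23" (no trailing dot) counter-example.
SAMPLE = """206.206.
206.205.132.
206.205.131.191
206.23
"""

def relay_allowed(client_addr, entries):
    """Model of the R$=I$* rule as the message describes it (assumption):
    an entry matches when it is a leading string of the client address."""
    return any(client_addr.startswith(e) for e in entries)

def widened_octets(entry):
    """Octet values that an entry without a trailing '.' matches besides
    the one that was typed (e.g. '23' also matches 230..239)."""
    if entry.endswith("."):
        return []
    last = entry.rsplit(".", 1)[-1]
    return [v for v in range(256) if str(v).startswith(last) and str(v) != last]

def audit(text):
    """Return (entry, kind, widened_octets) for each non-blank line."""
    report = []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        octets = entry.rstrip(".").split(".")
        valid = 1 <= len(octets) <= 4 and all(
            o.isdigit() and int(o) <= 255 for o in octets)
        if not valid or (entry.endswith(".") and len(octets) == 4):
            kind = "invalid"
        elif entry.endswith("."):
            kind = "netblock"      # dot-terminated prefix: matches whole octets only
        elif len(octets) == 4:
            kind = "host"          # full address
        else:
            kind = "ambiguous"     # partial address with no trailing dot
        report.append((entry, kind,
                       widened_octets(entry) if kind != "invalid" else []))
    return report

if __name__ == "__main__":
    for entry, kind, extra in audit(SAMPLE):
        print(f"{entry:18} {kind:10} also matches octets: {extra or '-'}")
```

Under the same leading-string assumption, a full host entry whose last octet has fewer than three digits is widened in the same way, which `widened_octets` reports as well.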





