Date: Wed, 13 Sep 2006 17:56:55 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: questions@freebsd.org
Subject: Re: sendmail and hosts_access(5)
Message-ID: <45083857.40405@infracaninophile.co.uk>
In-Reply-To: <20060913163722.GA62734@gothmog.pc>
References: <45082E5C.5040503@daleco.biz> <20060913163722.GA62734@gothmog.pc>

Giorgos Keramidas wrote:
> On 2006-09-13 11:14, Kevin Kinsey <kdk@daleco.biz> wrote:
>> Hello all,
>>
>> I am attempting to block an SMTP server with /etc/hosts.allow:
>>
>> ----------------------------------------------------------
>> Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl
>> [194.117.241.251] (may be forged))
>> ----------------------------------------------------------
>> [506] Tue 12.Sep.2006 20:55:44
>> [kadmin@archangel][~]
>> #ssh kadmin@elisha grep zeork /home/kadmin/spammers
>> .net.zeork.com.pl
>>
>> [507] Tue 12.Sep.2006 20:56:55
>> [kadmin@archangel][~]
>> #ssh kadmin@elisha grep /home/kadmin/spammers /etc/hosts.allow
>> sendmail : /home/kadmin/spammers : deny
>> --------------------------------------------------------------
>>
>> hosts_access(5) says this:
>> The access control language implements the following patterns:
>> * A string that begins with a `.' character. A host
>> name is matched if the last components of its name match the
>> specified pattern. For example, the pattern `.tue.nl' matches
>> the host name `wzv.win.tue.nl'
>>
>> So, why does my server continue accepting SMTP connections from
>> "241net251.net.zeork.com.pl" ?
>>
>> Thoughts, pointers, gentle kicks on the bum welcomed.
>
> I don't think you can have the hostnames in a separate "map file" and
> then reference this file from /etc/hosts.allow.

hosts.allow triggers special behaviour with sendmail. Unlike other services
which just close the connection immediately, with sendmail what happens is
that it will accept the connection, let the sender attempt to send e-mail,
but then respond with a 500 'permanent failure' code.

The reason for that is fairly simple: if a MTA gets no answer when trying
to connect to a server and deliver e-mail, then the standards say it should
requeue the message and try again for up to 5 days. The only way to get the
sending MTA to give up immediately is to issue a SMTP 500 error code.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
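
The sender-side reasoning in the message above, as an added example that is not part of the original e-mail and is not sendmail's code: it models what a sending MTA does after an immediate close, a temporary failure, and a permanent 5xx rejection. The function names and the sample replies are constructed for illustration; the 5-day queue lifetime is the figure given in the message.

```python
import re
from datetime import datetime, timedelta

QUEUE_LIFETIME = timedelta(days=5)   # "up to 5 days", per the message above
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample replies (not captured from a real server).
WRAPPER_REJECT = "550-Access denied\r\n550 Connection refused by policy\r\n"
TEMP_FAILURE = "451 Try again later\r\n"

def parse_reply(raw):
    """Return (code, text) for a possibly multi-line SMTP reply, else None."""
    lines = raw.splitlines()
    code, parts = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or (code is not None and m.group(1) != code):
            return None                       # malformed or inconsistent codes
        code = m.group(1)
        parts.append(m.group(3))
        is_final = m.group(2) == " "          # "-" continues, " " ends the reply
        if is_final != (i == len(lines) - 1):
            return None
    return (int(code), " ".join(parts)) if code else None

def next_action(reply, first_attempt, now):
    """What a sending MTA does after one delivery attempt.

    reply is the server's final reply to the attempt, or None when the
    connection was refused, dropped or timed out (how an immediate close
    looks to the sender).
    """
    parsed = parse_reply(reply) if reply is not None else None
    if parsed and 500 <= parsed[0] <= 599:
        return "bounce"                       # permanent failure: give up now
    if parsed and 200 <= parsed[0] <= 299:
        return "delivered"
    # No answer, unparsable reply or 4xx: stay queued until the lifetime ends.
    if now - first_attempt >= QUEUE_LIFETIME:
        return "bounce-expired"
    return "requeue"

if __name__ == "__main__":
    start = datetime(2006, 9, 13, 17, 0)
    for label, reply in [("closed", None), ("4xx", TEMP_FAILURE), ("5xx", WRAPPER_REJECT)]:
        print(label, next_action(reply, start, start + timedelta(hours=1)))
```
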