SUMMARY: Host access list for connection via IP port 25 (SMTP)

Dr. D.G.Checketts (checkedg@eee.bham.ac.uk)
Tue, 25 Nov 1997 08:56:55 +0000 (GMT)

The original posting :-

*******************************************************************************

I am running Sun's standard sendmail offering (8.6) on a Solaris 2.4 server.
In order to properly manage the usage of email, a need has arisen to limit
the machines which may forward mail via this server. This would include a list
of local Sun machines, a remote mail gateway (still on Campus) and NOTHING ELSE.

Does anyone know how this can be achieved? I am aware of tcp_wrappers but am not
sure how that could be used in conjunction with sendmail. I have also seen the
sites which talk about methods to cut down spam mail. The objective in those
cases seems to be to give a list of disallowed machines. I need to do the
opposite, i.e. give a list of allowed machines.

All help gratefully received and a summary will be posted.

*******************************************************************************

The response was fast as always (no. 1 arrived before I even received
notification of my own posting) and really useful. The problem is now solved.

I used Randy Zagar's suggestion and just integrated sendmail into tcp_wrappers.
I thought that it was necessary to use some other interface between these
too items but Randy's "two-line solution" did the job for us. I realise
that this will not return any warning to invalid senders but that is
fine by us as all mail should be routed through the proper DNS registered
hosts anyway.

> From zagar@chester.cms.udel.edu@eee.bham.ac.uk Tue Nov 18 16:41:46 1997
> To: d.g.checketts@bham.ac.uk
> Subject: Re: Host access list for connection via IP port 25 (SMTP)
> X-Sun-Charset: US-ASCII
> Content-Length: 993
> X-Lines: 38
>
>
> I have successfully used tcp_wrappers to restrict access to sendmail
> in the following way:
>
> 1. Change sendmail startup script in /etc/init.d from
>
> /usr/lib/sendmail -bd -q1h
>
> to
>
> /usr/lib/sendmail -q1h
>
> This sendmail process will now only handle delivering outgoing mail.
>
>
> 2. Create an 'smtp' entry in /etc/inetd.conf that looks like
>
> smtp stream tcp nowait root /usr/local/sbin/in.tcpd \
> /usr/lib/sendmail -bs
>
> Any incoming SMTP connection requests will now be handled through inetd
> and can be filtered with appropriate entries in the hosts.allow file.
>
>
> I believe this was described in the tcp_wrapper documentation...
>
>
> Also, sendmail-8.8.x has tcp_wrapper support built into it...
>
> -Randy
>
> ===
>
> Randy Zagar E-Mail: zagar@udel.edu
> Sr. Scientific Programmer E-Mail: zagar@newark.cms.udel.edu
> College of Marine Studies Voice: (302) 831-1139
> University of Delaware FAX: (302) 831-6838
> Newark, DE 19716
>

I did receive some advice from Claus Assmann to modify the sendmail.cf
file after upgrading to version 8.8.

> From ca@informatik.uni-kiel.de@eee.bham.ac.uk Tue Nov 18 16:34:23 1997
> To: d.g.checketts@bham.ac.uk
> Subject: Re: Host access list for connection via IP port 25 (SMTP)
> Mime-Version: 1.0
> X-Lines: 19
>
>
>
> Scheck_relay
> # everything in class w is ok.
> R$*.$=w $| $+ $@ ok
> # everything else is forbidden
> R$* $| $* $#error $@ 5.7.1 $: no access from $1
>
> You may need something more than class w!
>
> Best regards,
>
> Claus Assmann
>

Everyone else suggested upgrading to sendmail 8.8 and using the anti-spam
features of that release. I decided not to do that for now as we would lose
Sun OS support. Hopefully they will be bringing out an improved version
themselves before too long.

Many Thanks to :-

Melanie mel@vanyel.herald.co.uk
Reto Lichtensteiger rali@meitca.com
Rick Kulawiec rsk@itw.com
Micky Panayiotakis Mickey@intr.net
Shriman Gurung SG@datcon.co.uk
Karl Vogel vogelke@c17mis.region2.wpafb.af.mil

+ those in the main text of course. Sun Managers comes out top again.

Regards

David

***************************************************************************
Dr. David Checketts | E-Mail d.g.checketts@bham.ac.uk
Computer Officer |
School of Elec. & Elec. Eng., |
University of Birmingham | Telephone: 0121 414 4322
Birmingham, B15 2TT, | Fax: 0121 414 4291
England
***************************************************************************