On 5/22/07, Rob <[EMAIL PROTECTED]> wrote:
Doug Hardie wrote:
> On May 22, 2007, at 10:46, Maxim Khitrov wrote:
>>> > # Deny sendmail to all clients (temporary)
>>> > sendmail : all : deny
> tcp wrappers must be coded into the application. The call which
> actually checks the access permissions in the hosts.allow file is
> hosts_access() (see man hosts_access). Checking through the sendmail
I have to disagree with that. I run unmodified 8.13.8 on 6.2, and it DOES
respect hosts.allow. Just not in the way you might assume.
I can telnet to port 25, it allows connections from *anywhere*, and will respond to a HELO. It's not until I
give it a "mail to:" that it protests with "550 5.0.0 Access denied". I use
"FEATURE(delay_checks)" in the cf file, which may have some effect on this.
The log file shows:
May 22 14:56:47 cartman sm-mta: l4MIullh074026: tcpwrappers (unknown,
The actual options & version look like:
$ sendmail -bp -d0.1
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
STARTTLS TCPWRAPPERS USERDB XDEBUG
$ uname -rms
FreeBSD 6.2-RELEASE i386
You know, I could have sworn that I checked actually sending the
message through telnet yesterday with the deny rule in place. You're
right through, it fails right after I give it mail from command. Guess
I didn't keep good track of what I was checking each time. Do you know
if there is a reason they chose to do it this way? Accept the
connection, but don't allow the client to do anything with it? I
didn't find FEATURE(delay_checks) in any of my cf files, so I think
it's something else. Well at any rate, thanks for your help.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"