On Wed, 25 Sep 2002, Mike Ballon wrote:
> Sendmail does NOT need to be restarted when updating the access file, it
> does need to be built of course 'make access.db' but that's it.
>
> I'd like to see a snip of the maillog to see if he was actually being
> allowed to relay though.
>

Hmmm I didn't do a 'make access.db', I did a '/sbin/service sendmail restart'. Does that force a 'make access.db'?

Anyway, here's a partial snippet of maillog. There were quite a few attempts, each appearing to use different namesets within my domain.

==============================================================
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <[EMAIL PROTECTED]>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=rlkal1a046.comtech-data.se [194.198.208.46] (may be forged)
==============================================================

After putting in the hosts.deny entry, restarting XINETD and putting in the entry in /etc/mail/access, and restarting sendmail, this is what turns up in the log about every 20 minutes or so:

==============================================================
Sep 25 13:07:10 tiger sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:07:11 tiger sendmail[31999]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 25 13:51:22 tiger sendmail[32024]: g8PNpLP32024: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:51:25 tiger sendmail[32024]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 25 14:36:46 tiger sendmail[32062]: g8Q0agP32062: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 14:36:47 tiger sendmail[32062]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
==============================================================

Not sure what else I can do. Most Euros I've dealt with are scum so being able to block this dood is at least gratifying in a small way. Euros like to talk big about the evil USA but to date most problems I've had with outside intruders have been from Euros who seem to have nothing better to do with their time.

Thanks all for the comments and advice. And sorry if this type of dialogue isn't very interesting...I'll try and think of an obligatory MS Bash or Linux Boast later when I'm finished having fun learning this stuff. (tongue placed firmly in cheek)

Sharky
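
Added example, not part of the original post: a small Python summary of a sendmail maillog in the format quoted above, grouping "User unknown" rejections by connecting IP with the nrcpts value from the matching from= line (nrcpts=0 means no recipient was accepted in that transaction) and counting check_relay rejections per IP. The sample lines are constructed; their hostnames, addresses and queue ids are placeholders, and the function name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the same syslog layout as the post (placeholder values).
SAMPLE = """\
Sep 23 02:01:44 mx sendmail[100]: g8NAAAA00100: <a@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[100]: g8NAAAA00100: <b@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[100]: g8NAAAA00100: <c@example.org>... User unknown
Sep 23 02:01:44 mx sendmail[100]: g8NAAAA00100: from=<x@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.46] (may be forged)
Sep 25 13:07:10 mx sendmail[200]: g8PBBBB00200: ruleset=check_relay, arg1=host.example.net, arg2=192.0.2.9, relay=host.example.net [192.0.2.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:51:22 mx sendmail[201]: g8PCCCC00201: ruleset=check_relay, arg1=host.example.net, arg2=192.0.2.9, relay=host.example.net [192.0.2.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:51:25 mx sendmail[201]: NOQUEUE: host.example.net [192.0.2.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
RELAY_IP = re.compile(r"relay=\S*\s*\[(?P<ip>[0-9a-fA-F.:]+)\]")
NRCPTS = re.compile(r"nrcpts=(\d+)")

def summarize(log_text, min_unknown=3):
    """Return recipient-probing transactions and access-map rejections per IP."""
    unknown = Counter()   # queue id -> number of "User unknown" replies
    envelope = {}         # queue id -> (connecting IP, nrcpts) from the from= line
    blocked = Counter()   # IP -> check_relay rejections
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, msg = m["qid"], m["msg"].rstrip()
        relay = RELAY_IP.search(msg)
        if msg.endswith("User unknown"):
            unknown[qid] += 1
        elif msg.startswith("from=") and relay:
            n = NRCPTS.search(msg)
            envelope[qid] = (relay["ip"], int(n.group(1)) if n else None)
        elif msg.startswith("ruleset=check_relay") and "reject=" in msg and relay:
            blocked[relay["ip"]] += 1
    probes = {}
    for qid, count in unknown.items():
        if count >= min_unknown:   # several bad recipients in one transaction
            ip, nrcpts = envelope.get(qid, ("unknown", None))
            probes[ip] = {"user_unknown": count, "nrcpts": nrcpts}
    return {"recipient_probes": probes, "blocked": dict(blocked)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```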
