On Mon, May 14, 2001 at 12:35:32PM +0000, Mark Delany wrote:
>
> =.:allow
> :deny
>
Close. To achieve this, the tcp.smtp file should actually contain:
=:allow
:deny
I just experimented with both forms. With the dot, nothing matched,
including hosts with good forward/reverse resolvability. Without it,
only sites for which tcpserver didn't unset TCPREMOTEHOST matched.
This, of course, is exactly the desired behavior. As already
mentioned in this thread, tcpserver -p unsets TCPREMOTEHOST when the
name obtained by reverse lookup can't be resolved to the original IP.
Consequently, for such an (arguably) undesirable client IP, no match
occurs at the "=:allow" line in the above tcp.smtp settings, since the
"=" token only matches when TCPREMOTEHOST is defined. The ":deny"
line then rejects those undesirable clients as they fall through.
Just to be thorough, even if obvious, I'll also mention that these two
lines must appear LAST in your tcp.smtp file.
