Re: tcprules problems

Johan Almqvist Thu, 16 Aug 2001 06:59:55 -0700
* martin <[EMAIL PROTECTED]> [010816 15:49]:
> >Have you not read the documentation for tcprules?
> I have.  It`s printed out. But they are not clear. as per the docs. The few 
> examples mainly relate to IP addresses. Except for one host example.
> e.g.   -   tcprules.html   Second page.  For example, here are some rules:
> [EMAIL PROTECTED]:first
> etc.
> No  =   in that example.

127.0.0.1 is an ip address, not a domain name...
ip addresses do not need =, host names do.
127.0.0.1:allow
=localhost:allow

> >A rule with a hostname need to look like this:
> >=s2u2.com:deny
> >(note the =) and make sure that reverse lookup is activated in your
> >startup script...
> >If you use @, this will check against the ident info for the connection,
> >not the email address...
> > > Problem #2
> > > Further, I noted I received a mail from [EMAIL PROTECTED] to one account, even
> > > though this should have been denied.
> > > I then tried mconnect and tried several addresses of the form host@domain
> > > of e-mail addresses AND domains and the mails were successfully received,
> > > ie. despite having deny against those addresses and domains, the mails
> > > were successfully delivered.
> > > Any hints ?
> >E-mail addresses can't be blocked with tcprules. They are blocked in
> >/var/qmail/control/badmailfrom
> Are you saying that e-mail addresses can`t be denied, but they are allowed e.g.
> [EMAIL PROTECTED]:allow   apparently is legal but
> [EMAIL PROTECTED]:deny  is not.???

[EMAIL PROTECTED]:allow is not legal.
joe@=anyplace.com:allow would be legal.
[EMAIL PROTECTED]:allow would also be legal.

(and with deny)

However, joe@=anyplace.com would not block messages with the envelope
sender [EMAIL PROTECTED] (or joe@=anyplace.com), but CONNECTIONS from the
host anyplace.com where the connection is initiated by the user joe.

If you want to block messages with envelope sender [EMAIL PROTECTED], you
need to put that address into /var/qmail/control/badmailfrom.

> Does anyone have a better document that gives more explicit examples and 
> descriptions.
> http://cr.yp.to/ucspi-tcp has to be the worst of al djb`s documents in my 
> opinion

-Johan
-- 
Johan Almqvist
http://www.almqvist.net/johan/qmail/
PGP signature
Re: tcprules problems

Reply via email to
