From: Matthew Seaman
Organization: Infracaninophile
Date: Wed, 13 Sep 2006 17:56:55 +0100
To: Giorgos Keramidas
Cc: questions@freebsd.org
Subject: Re: sendmail and hosts_access(5)

Giorgos Keramidas wrote:
> On 2006-09-13 11:14, Kevin Kinsey wrote:
>> Hello all,
>>
>> I am attempting to block an SMTP server with /etc/hosts.allow:
>>
>> ----------------------------------------------------------
>> Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl
>> [194.117.241.251] (may be forged))
>> ----------------------------------------------------------
>> [506] Tue 12.Sep.2006 20:55:44
>> [kadmin@archangel][~]
>> #ssh kadmin@elisha grep zeork /home/kadmin/spammers
>> .net.zeork.com.pl
>>
>> [507] Tue 12.Sep.2006 20:56:55
>> [kadmin@archangel][~]
>> #ssh kadmin@elisha grep /home/kadmin/spammers /etc/hosts.allow
>> sendmail : /home/kadmin/spammers : deny
>> --------------------------------------------------------------
>>
>> hosts_access(5) says this:
>> The access control language implements the following patterns:
>> * A string that begins with a `.' character. A host
>> name is matched if the last components of its name match the
>> specified pattern. For example, the pattern `.tue.nl' matches
>> the host name `wzv.win.tue.nl'
>>
>> So, why does my server continue accepting SMTP connections from
>> "241net251.net.zeork.com.pl" ?
>>
>> Thoughts, pointers, gentle kicks on the bum welcomed.
>
> I don't think you can have the hostnames in a separate "map file" and
> then reference this file from /etc/hosts.allow.

hosts.allow triggers special behaviour with sendmail. Unlike other
services which just close the connection immediately, with sendmail
what happens is that it will accept the connection, let the sender
attempt to send e-mail, but then respond with a 500 'permanent failure'
code.

The reason for that is fairly simple: if an MTA gets no answer when
trying to connect to a server and deliver e-mail, then the standards say
it should requeue the message and try again for up to 5 days. The only
way to get the sending MTA to give up immediately is to issue an SMTP 500
error code.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
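
The rule from the quoted question, evaluated with a simplified model of the hosts_access(5) client patterns. This is an added example, not part of the original message and not libwrap's code; `match_host`, `check_rule`, `demo`, the temporary file standing in for /home/kadmin/spammers, and the "other" and "unresolved" clients are assumptions constructed for illustration.

```python
import os
import tempfile

def match_host(pattern, hostname, address):
    """Simplified model of hosts_access(5) client patterns (not libwrap itself)."""
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):
        # File name: match if any pattern listed in the file matches.
        try:
            with open(pattern) as fh:
                tokens = fh.read().split()
        except OSError:
            return False
        return any(match_host(t, hostname, address) for t in tokens)
    if pattern.startswith("."):
        # Leading dot: the last components of the host name must match.
        return hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):
        # Trailing dot: the first numeric fields of the address must match.
        return address.startswith(pattern)
    return pattern.lower() == hostname.lower() or pattern == address

def check_rule(rule, daemon, hostname, address):
    """Return the rule's option (e.g. 'deny') if the rule applies, else None."""
    daemons, clients, option = [f.strip() for f in rule.split(":", 2)]
    if daemons != "ALL" and daemon not in daemons.split():
        return None
    patterns = clients.replace(",", " ").split()
    if any(match_host(p, hostname, address) for p in patterns):
        return option
    return None

def demo():
    # Constructed stand-in for /home/kadmin/spammers with the entry from the post.
    with tempfile.NamedTemporaryFile("w", suffix=".spammers", delete=False) as fh:
        fh.write(".net.zeork.com.pl\n")
    try:
        rule = f"sendmail : {fh.name} : deny"
        return {
            "listed": check_rule(rule, "sendmail", "241net251.net.zeork.com.pl", "194.117.241.251"),
            "other": check_rule(rule, "sendmail", "mail.example.org", "192.0.2.10"),
            # Constructed case: no resolved name is available, so a name pattern cannot match.
            "unresolved": check_rule(rule, "sendmail", "unknown", "194.117.241.251"),
        }
    finally:
        os.unlink(fh.name)
```

A `deny` result here only means the rule matches the client; per the reply above, with sendmail that match shows up as an SMTP-level rejection rather than a refused connection.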