From owner-freebsd-questions  Wed Jan 28 15:30:12 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA16370
          for questions-outgoing; Wed, 28 Jan 1998 15:30:12 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from cedb.dpcsys.com (cedb.dpcsys.com [206.16.184.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA16318
          for <questions@freebsd.org>; Wed, 28 Jan 1998 15:29:49 -0800 (PST)
          (envelope-from dan@dpcsys.com)
Received: from localhost (dan@localhost) by cedb.dpcsys.com (8.8.5/8.8.2) with SMTP id XAA23918; Wed, 28 Jan 1998 23:29:58 GMT
Date: Wed, 28 Jan 1998 15:29:58 -0800 (PST)
From: Dan Busarow <dan@dpcsys.com>
To: Cliff Addy <fbsdlist@federation.addy.com>
cc: questions@FreeBSD.ORG
Subject: Re: Stopping mail relaying (again)
In-Reply-To: <Pine.BSF.3.95q.980128171042.17011A-100000@federation.addy.com>
Message-ID: <Pine.UW2.3.95.980128150327.20796F-100000@cedb>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

On Wed, 28 Jan 1998, Cliff Addy wrote:
> > Use Claus Assman's rules.  See http://www.beach.net/~dan for
> > the URL and some notes on how the rules work.
> 
> Like all the others, this seems to assume that I know what ip addresses
> spam is coming from. 

No, it assumes you know what addresses you consider local to your
system.  As an added bonus, if you also happen to know the
netblocks of a spammer you can easily reject them here.

>                 I don't, my clients can be ANYWHERE.  I need to
> reject email based on their return or sending addresses, NOT the ip.  I
> need to have a file with a list of "allowed" domain names.  If abc.com is
> in the file, then mail to or from abc.com is allowed, REGARDLESS of
> whether the sending machine is abc.com

The IP address tests at the beginning of Claus' rules are a very
convenient short cut before getting into the more expensive
tests that follow.  The rules do provide for testing recipient
domains against a list of names.

The rules do assume that you only allow users on your network
to _originate_ mail and LocalIP handles that very well.  If
you want to allow a client who uses an, eg, AOL dialup to send 
mail using your mail server use the rules from

http://hexadecimal.uoregon.edu/antirelay/

> I know this may sound a little testy, but I'm getting lots of email along
> the lines of "hey, dumbass, use the rules posted on xxxx" when those
> rulesets don't address my needs at all.

You need to phrase your question better.  I don't remember
your saying that you wanted a client to be able to use your
server from any account, anywhere.  You may have, but I
don't remember it.

Dan
-- 
 Dan Busarow                                                  714 443 4172
 DPC Systems / Beach.Net                                    dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82