Re: sendmail/smail with relaying blocks?
On Fri, 9 May 1997, Tim Cutts wrote:
> My exim package currently allows relaying; as Craig points out below, what
> you allow relaying to/from is extremely site-dependent. I think it is
> more sensible to allow relaying by default; without it remote mail from
> Eudora and the like will fail, and I'd rather it worked by default.
i (mostly) agree with this. I think i'll just package the files, along with
whatever documentation, readme's, URL references etc i can find, and leave
everything turned off by default.
> > As far as i can tell, if you block relaying by IP address, you have
> > to list every individual IP address in the LocalIP file. You can't
> > just specify a network address and a netmaks (e.g. 192.168.1.0/24)
>
> In exim you can restrict it to certain networks. For example, my SG
> site restricts relaying to hosts in 131.111, like so:
i just looked at the sendmail hacks again (there's a new version which
has some new features) and you can specify whole networks just by
leaving off the final IP address. e.g. to allow 203.16.167.0/24 you list
"203.16.167" in /etc/mail/LocalIP.
it would be better if it understood netmasks.
> > 2. do we (debian) distribute a 'Spammers' and 'SpamDomains' file with the
> > package? what are the legal ramifications of doing that?
>
> That's unfeasible. The list grows too fast.
yeah, i know.
except example purposes, it's probably pointless to try to include a list.
> We try to maintain one here in Cambridge, and I have long since given
> up trying to keep up.
My personal procmailrc filters out potential spam into a separate
folder. every so often i go through it and extract email addresses and
spam domains to add to my list.
> and I also reject mail from certain hosts and networks entirely:
>
> sender_net_reject_recipients = 205.199.212.0/255.255.255.0
> sender_host_reject_recipients = 204.127.131.33:38.8.32.2:38.8.45.2:38.8.200.2:20
> 6.142.102.1
The latest version of the sendmail hacks has a feature like this...it's
probably better than trying to keep firewall rules up to date.
craig
--
craig sanders
networking consultant Available for casual or contract
temporary autonomous zone system administration tasks.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: