Re: TCP wrapper and sendmail
Jon Dowland wrote:
> On Wed, Jan 03, 2007 at 09:05:05AM -0600, Amal Phadke wrote:
>> I would like to reject mails from IPs without reverse DNS
>> with "sendmail: ALL EXCEPT UNKNOWN" line in
>> /etc/hosts.allow. (Mail originating from such IPs is
>> almost exclusively spam).
> A rule like "ALL EXCEPT UNKNOWN" will not permit connections
> from bad-rdns hosts, but there's nothing that will stop them
> afterwards. You need either sendmail: ALL in /etc/hosts.deny
> or sendmail: PARANOID.
> Debian did have "ALL: PARANOID" in /etc/hosts.deny for a
> while, maybe this is what has changed for you?
Thanks for your reply. The problem seems to be deeper than that. Even if
I say "sendmail: ALL : DENY" in /etc/hosts.allow, sendmail still accepts
connections from any host. I know there is no problem with tcpwrappers
since it controls ssh connections properly as stated in the hosts.allow
file. But with sendmail, it is as if it completely ignores hosts.allow
directives even though "sendmail -d0.1" tells me that tcpwrapper support
is compiled in. I am at a loss to figure out why.
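
The lookup order discussed in this thread (hosts.allow first, then hosts.deny, otherwise grant), as an added example that is not part of the original messages and is not libwrap's code. It is a simplified model covering only ALL, UNKNOWN, EXCEPT, literal names and the hosts_options(5) ALLOW/DENY option; the client names are constructed.

```python
# Simplified model of hosts_access(5) rule evaluation (assumption: no
# wildcards, netmasks, PARANOID or shell options; those are not modelled).

def tok_match(tok, item):
    """item is a daemon name or client hostname; None = lookup failed."""
    if tok == "ALL":
        return True
    if tok == "UNKNOWN":
        return item is None
    return item is not None and tok.lower() == item.lower()

def list_match(tokens, item):
    """'a b EXCEPT c': the left side must match and the right side must not."""
    for i, tok in enumerate(tokens):
        if tok == "EXCEPT":
            return False
        if tok_match(tok, item):
            rest = tokens[i + 1:]
            if "EXCEPT" not in rest:
                return True
            return not list_match(rest[rest.index("EXCEPT") + 1:], item)
    return False

def first_match(rules, daemon, host):
    """Return the option of the first matching rule ('' if none), else None."""
    for line in rules:
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if list_match(daemons, daemon) and list_match(clients, host):
            return fields[2].lower() if len(fields) > 2 else ""
    return None

def access(allow, deny, daemon, host):
    """True if the connection is granted."""
    opt = first_match(allow, daemon, host)
    if opt is not None:
        return opt != "deny"      # a hosts.allow match grants unless ': DENY'
    opt = first_match(deny, daemon, host)
    if opt is not None:
        return opt == "allow"     # a hosts.deny match refuses unless ': ALLOW'
    return True                   # no match in either file: granted

NO_RDNS = None                    # constructed client with no reverse DNS
GOOD = "mail.example.org"         # constructed client with a resolvable name
ALLOW = ["sendmail: ALL EXCEPT UNKNOWN"]

if __name__ == "__main__":
    print(access(ALLOW, [], "sendmail", NO_RDNS))                 # falls through
    print(access(ALLOW, ["sendmail: ALL"], "sendmail", NO_RDNS))  # refused
    print(access(ALLOW, ["sendmail: ALL"], "sendmail", GOOD))     # granted
```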