Giorgos Keramidas wrote:
> On 2006-09-13 11:14, Kevin Kinsey <[EMAIL PROTECTED]> wrote:
>> Hello all,
>>
>> I am attempting to block an SMTP server with /etc/hosts.allow:
>>
>> ----------------------------------------------------------
>> Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl
>> [194.117.241.251] (may be forged))
>> ----------------------------------------------------------
>> [506] Tue 12.Sep.2006 20:55:44
>> [EMAIL PROTECTED]
>> #ssh [EMAIL PROTECTED] grep zeork /home/kadmin/spammers
>> .net.zeork.com.pl
>>
>> [507] Tue 12.Sep.2006 20:56:55
>> [EMAIL PROTECTED]
>> #ssh [EMAIL PROTECTED] grep /home/kadmin/spammers /etc/hosts.allow
>> sendmail : /home/kadmin/spammers : deny
>> --------------------------------------------------------------
>>
>> hosts_access(5) says this:
>> The access control language implements the following patterns:
>> * A string that begins with a `.' character. A host
>> name is matched if the last components of its name match the
>> specified pattern. For example, the pattern `.tue.nl' matches
>> the host name `wzv.win.tue.nl'
>>
>> So, why does my server continue accepting SMTP connections from
>> "241net251.net.zeork.com.pl" ?
>>
>> Thoughts, pointers, gentle kicks on the bum welcomed.
>
> I don't think you can have the hostnames in a separate "map file" and
> then reference this file from /etc/hosts.allow.

hosts.allow triggers special behaviour with sendmail. Unlike other
services which just close the connection immediately, with sendmail
what happens is that it will accept the connection, let the sender
attempt to send e-mail, but then respond with a 500 'permanent failure'
code.

The reason for that is fairly simple: if an MTA gets no answer when
trying to connect to a server and deliver e-mail, then the standards
say it should requeue the message and try again for up to 5 days. The
only way to get the sending MTA to give up immediately is to issue an
SMTP 500 error code.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
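
The leading-dot rule quoted from hosts_access(5) in the question can be checked offline against the pattern and client from the thread. The sketch below is an added example, not part of the original messages and not libwrap's code; it covers only the `ALL`, leading-dot, trailing-dot and exact-string pattern forms, and the function names, the case-insensitive comparison, and the use of `None` for a client name the server could not resolve are assumptions of this example.

```python
# Added illustration; not code from the thread or from libwrap.

def match_pattern(pattern, host_name, host_addr):
    """Apply one hosts_access(5)-style client pattern to a connecting client."""
    pat = pattern.strip().lower()
    name = (host_name or "").lower()  # None: no usable host name (assumption)
    if not pat:
        return False
    if pat == "all":
        return True
    if pat.startswith("."):
        # Leading dot: the last components of the host NAME must match.
        # The bare domain itself (no extra label in front) does not match.
        return len(name) > len(pat) and name.endswith(pat)
    if pat.endswith("."):
        # Trailing dot: the first numeric fields of the ADDRESS must match.
        return host_addr.startswith(pat)
    # Anything else is compared as an exact name or address.
    return pat == name or pat == host_addr


def first_match(patterns, host_name, host_addr):
    """Return the first pattern that matches the client, or None."""
    for line in patterns:
        pat = line.strip()
        if pat and match_pattern(pat, host_name, host_addr):
            return pat
    return None


# Pattern and client taken from the messages above.
SPAMMERS = [".net.zeork.com.pl"]
CLIENT_NAME = "241net251.net.zeork.com.pl"
CLIENT_ADDR = "194.117.241.251"

if __name__ == "__main__":
    # The name pattern does match the host name shown in the Received: line.
    print(first_match(SPAMMERS, CLIENT_NAME, CLIENT_ADDR))
    # A name pattern has nothing to match when only the address is known.
    print(first_match(SPAMMERS, None, CLIENT_ADDR))
    # An address-prefix pattern does not depend on the resolved name.
    print(first_match(SPAMMERS + ["194.117.241."], None, CLIENT_ADDR))
```

The first result shows that the pattern as written does cover the host name in the header, so a name pattern is only as reliable as the name the daemon is handed for the client.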