Re: sendmail and hosts_access(5)

Wed, 13 Sep 2006 10:04:03 -0700 

Giorgos Keramidas wrote:
> On 2006-09-13 11:14, Kevin Kinsey <[EMAIL PROTECTED]> wrote:
>> Hello all,
>>
>> I am attempting to block an SMTP server with /etc/hosts.allow:
>>
>> ----------------------------------------------------------
>> Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl
>> [194.117.241.251] (may be forged))
>> ----------------------------------------------------------
>> [506] Tue 12.Sep.2006 20:55:44
>> [EMAIL PROTECTED]
>> #ssh [EMAIL PROTECTED] grep zeork /home/kadmin/spammers
>> .net.zeork.com.pl
>>
>> [507] Tue 12.Sep.2006 20:56:55
>> [EMAIL PROTECTED]
>> #ssh [EMAIL PROTECTED] grep /home/kadmin/spammers /etc/hosts.allow
>> sendmail : /home/kadmin/spammers : deny
>> --------------------------------------------------------------
>>
>> hosts_access(5) says this:
>>       The access control language implements the following patterns:
>>        * A string that begins with  a  `.'  character.  A  host
>>      name is matched  if the last components of its name match the
>>      specified pattern.  For example, the pattern `.tue.nl'  matches
>>      the host name `wzv.win.tue.nl'
>>
>> So, why does my server continue accepting SMTP connections from 
>> "241net251.net.zeork.com.pl" ?
>>
>> Thoughts, pointers, gentle kicks on the bum welcomed.
> 
> I don't think you can have the hostnames in a separate "map file" and
> then reference this file from /etc/hosts.allow.

hosts.allow triggers special behaviour with sendmail.  Unlike other services
which just close the connection immediately, with sendmail what happens is
that it will accept the connection, let the sender attempt to send
e-mail, but then respond with a 500 'permanent failure' code.

The reason for that is fairly simple: if a MTA gets no answer when trying
to connect to a server and deliver e-mail, then the standards say it should
requeue the message and try again for up to 5 days.  The only way to get the
sending MTA to give up immediately is to issue a SMTP 500 error code.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to