You can either add him to hosts.deny,
or add his.ip.here. reject to your access file in /etc/mail you can do custom reject messages too. If its an ISP you know you wont get alot of traffic from just block the whole ip-block. Best way to kill attempted relaying so is to use Cyrus sasl to do smtp auth. by adding define(`confAUTH_OPTIONS', `A')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl to your sendmail.mc file then use [EMAIL PROTECTED] mail]# saslpasswd someuser Password: Again (for verification): [EMAIL PROTECTED] mail]# to add the passwd to the salsdb. I'm assuming you're using sendmail, if its a default RH 7.3 install cyrus will already be compiled into sendmail other wise you will have to recompile it with cyrus support. Florian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erich S. Sent: Tuesday, September 24, 2002 10:26 PM To: [EMAIL PROTECTED] Subject: [luau] Blocking mail relayers Hiya, Still getting used to my new RH 7.3 setup, and was wondering about some logwatch entries I've been getting. I see entries in logwatch showing a lot of mail for unknown users. They have what appear to be random names with my domain attached to the end. There was a whole slew of them all generated by this IP: relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) How can I be sure I'm not relaying for this scumball? How can I just block him completely? Are there any good test tools out there for making sure I'm not letting any scum get through? Thanks in advance! Erich _______________________________________________ LUAU mailing list [EMAIL PROTECTED] http://videl.ics.hawaii.edu/mailman/listinfo/luau