Firewalls work wonders in cases like this one where you can easily say accept from this and that ip but reject all others, and SuSEFirewall is quite a good package, take a look at that Volker Tanner wrote:
On Tue, Oct 24, 2000 at 15:10 +0200, Kai seefeldt wrote:
Hi, i just found out that some spammers use my webserver by relaying e-mails over it. I have sendmail 8.9.3 installed. How can I stop relaying form any host, but allow sending e-mails with my "outlook Express" fom at home? PLEACE help me! Thanks a lot.
I'm not sure but I think sendmail has some builtin anti-spam- features. 1stly make a /etc/mail/access wich contains lines like
----------------------snip----------------------------------------
# With this file you can control the access # to your mailserver, example: # # cyberspammer.com 550 We don't accept mail from spammers # okay.cyberspammer.com OK # sendmail.org OK # 128.32 RELAY # # Take a look at /usr/share/sendmail/README for a full description #
# internal mails (local network, our domain) kade.de RELAY 172.16.1 RELAY 172.17.1 RELAY 127 RELAY
# some spammers I got mail from, block them with errormessage canada.com 550 We don't accept mail from spammers bbervicejack@yahoo.com 550 We don't accept mail from spammers bbluckyuser@yahoo.com 550 We don't accept mail from spammers dsahckcsf@yahoo.com 550 We don't accept mail from spammers sadyboy@yahoo.com 550 We don't accept mail from spammers vger_service@tiger.com 550 We don't accept mail from spammers cavfreeuser@yahoo.com 550 We don't accept mail from spammers pchome.com.tw 550 We don't accept mail from spammers
------------------------snip---------------------------------------
insert a line
FEATURE(`access_db', `hash -o /etc/mail/access.db')dnl
into your sendmail.mc and rebuild sendmail.cf or include lines similar to
# Access list database (for spam stomping) Kaccess hash -o /etc/mail/access.db
[...]
###################################################################### ### LookUpDomain -- search for domain in access database ### ### Parameters: ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed unchanged through) ######################################################################
SLookUpDomain R<$+> <$+> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> R<?> <$+.$+> <$+> <$*> $@ $>LookUpDomain <$2> <$3> <$4> R<?> <$+> <$+> <$*> $@ <$2> <$3> R<$*> <$+> <$+> <$*> $@ <$1> <$4>
###################################################################### ### LookUpAddress -- search for host address in access database ### ### Parameters: ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed through) ######################################################################
into your sendmail.cf. Then restart sendmail and you should be done. I'd always prefer editing the sendmail.mc and build a new sendmail.cf. It looks more comfortable to me. But that's just MHO.
To be sure, have a look at /usr/share/sendmail/README, it's really interesting.
HTH Greetings Volker
-- The main failure in computers is usually between keyboard and chair. (unknown) Volker Tanner
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ________________________________________________________ Duane Kehoe Phone # 414.908.1814 MIS Department Fax # 414.908.1814 Weyco Group, Inc. Email: dkehoe@weycogroup.com