Problem with local IP addresses in check_rcpt rule set

Problem with local IP addresses in check_rcpt rule set

Post by Josee Robichau » Tue, 12 May 1998 04:00:00



Hi,

what I want to do is to deny use of my smtp server to all Ip addresses
except the one I've indicated in the file
/etc/mail/LocalIP. To do that, I use the followinf rule set:

Scheck_rcpt
# make sure you have TABs here, not BLANKs! sendmail will complain
# first: get client address
R$+                     $: $(dequote "" $&{client_addr} $) $| $1

-bs

# next: get client name
R$* $| $+               $: $(dequote "" $&{client_name} $) $| $2




# not local, check rcpt
R$* $| $*               $: $>3 $2
# remove local part


# now get and canonify the FROM address
R$*                     $: $1 $| $>3 $(dequote "" $&f $)
# compare it with an "allowed" domain

# match: ok

# nope, it's a relay attempt

It partly works because I'ce succeeded to send email only to the local
recipient but the server accept all the IP addresses except the one
indicated in the file /etc/mail/junk to stop receiving junk mail.

Is there on way to tell to sendmail deny from all, accept only the
following addresses in LocalIP.

Thanks for you help

Josee Robichaud
--
__________________________________________________________________

Josee Robichaud, M.Sc.
Unix System Administrator
Rseau Internet Qubec Inc.

(418)521.2884 (Voice)/(418)522.2602 (Fax)
(514)875-5351 (Voice)
                              http://www.riq.qc.ca

 
 
 

Problem with local IP addresses in check_rcpt rule set

Post by Claus Assma » Wed, 13 May 1998 04:00:00


Quote:Josee Robichaud writes:
>what I want to do is to deny use of my smtp server to all Ip addresses
>except the one I've indicated in the file
>/etc/mail/LocalIP. To do that, I use the followinf rule set:
>Scheck_rcpt

[well-known (?) ruleset removed]

Quote:>Is there on way to tell to sendmail deny from all, accept only the
>following addresses in LocalIP.

You don't want to receive any mail from addresses other than
those listed in
/etc/mail/LocalIP ?

The ruleset you use "just" denies unauthorized relaying,
it's not intended for this purpose.
You may use check_relay instead:

Scheck_relay



This isn't tested, please try it on a test machine first!

Regards,

Claus Assmann
--
[Please don't send me copies of usenet postings. Thanks!]
<URL: http://www.informatik.uni-kiel.de/%7Eca/ >

 
 
 

Problem with local IP addresses in check_rcpt rule set

Post by Josee Robichau » Wed, 13 May 1998 04:00:00



> You don't want to receive any mail from addresses other than
> those listed in
> /etc/mail/LocalIP ?

Sorry, my question wasn't clear!

It's not exactly what I want. If someone doesn't have an IP address
defined in LocalIP, he can't use my email server has smtp server but
everybody can send email to a user defined on my server.

For example, my IP class is 199.84.128. So when someone has an address
that isn't in my class, he can't send e mail using my server whatever if
he send it to someone on my server. But I must to be able to received
email destinated to someone on my server if he use another mail server
than mine.

The rule you've indicated below works fine. Nobody can use the email
server if the IP address is not in LocalIP whatever if he uses my email
server or not to send the courrier.

JR

> The ruleset you use "just" denies unauthorized relaying,
> it's not intended for this purpose.
> You may use check_relay instead:

> Scheck_relay



> This isn't tested, please try it on a test machine first!

--
__________________________________________________________________

Josee Robichaud, M.Sc.
Unix System Administrator
Rseau Internet Qubec Inc.

(418)521.2884 (Voice)/(418)522.2602 (Fax)
(514)875-5351 (Voice)
                              http://www.riq.qc.ca

 
 
 

Problem with local IP addresses in check_rcpt rule set

Post by Claus Assma » Thu, 14 May 1998 04:00:00


Quote:Josee Robichaud writes:
>It's not exactly what I want. If someone doesn't have an IP address
>defined in LocalIP, he can't use my email server has smtp server but
>everybody can send email to a user defined on my server.

That's exactly what the ruleset you use does
(unless I misunderstand you...).

You may have a look at:

http://www.informatik.uni-kiel.de/%7Eca/email/chk-misc.html
                ('%7E' is the required encoding for '~')

for an explanation of the way the ruleset works.
It should be the same as you require.

Regards,

Claus Assmann
--
[Please don't send me copies of usenet postings. Thanks!]
<URL: http://www.informatik.uni-kiel.de/%7Eca/ >

 
 
 

1. check_rcpt by destination IP address - possible?

I have inherited a machine running sendmail that seems to have become a
favorite target of spammers relaying UCE crap through it.  Unfortunately,
it is the production email server for a large customer base, and also
acts as an MX host for an unknown amount of customer domain names, which
is limiting what I can do as far as relay blocking based on domain/hostname.

I have been looking at check_rcpt as a solution towards blocking some
of this relaying, but it looks to function based on host or domain name
and not based on IP address.  It is a non-trivial (i.e. nigh impossible)
for me to get a list of the domain names (that might change daily) that
might have MX records pointed to this mail server, however, it is
very easy for me to get a list of IP network addresses instead.

So what I would like to do is set up a sendmail filter that will accept
email relaying for email from an outside source iff the destination
of the email exists within a list of IP networks.  (The reverse,
allowing email to be relayed from the inside list of IP address to the
outside world already seems to be implemented.)

So, is this possible with check_rcpt, or is there some other way to do
this?  I've looked around at all the anti-spam sites and references I
can find, but cannot find anything which quite matches this specification,
though it is possible I might have overlooked something.

This one machine gets hit about three times a week with spammers from
all sorts of dial-up accounts/providers, and has been dumped into my
lap to try to fix.

Thanks,
Kim

2. How to use P-file with runtime server ?

3. Filtering mail by IP address in check_rcpt redux

4. Help with BASIC calls

5. check_rcpt being passed G.M.T., not ip address in {client_addr}

6. Denying ICMP on outside of PIX520

7. How to configure sendmail when addressing by IP addresses (user@[ip-address-of-sendmail-host])?

8. set TU81+ 's LUN

9. Where are the specs for setting up Internet and mail through an .ins file?

10. What Rule checks for local delivery on an address, using aliases, before sending out?

11. check_rcpt rule

12. rule set voyage of envelope return address to mailagent

13. help with a check_rcpt rule