Tugger the SLUGger!SLUG Mailing List Archives

RE: [SLUG] Configuration of sendmail to only accept mail from localhost


what about limiting in /etc/hosts.allow as well ?

-----Original Message-----
From: slug-admin@xxxxxxxxxxx [mailto:slug-admin@xxxxxxxxxxx]On Behalf Of
Howard Lowndes
Sent: Sunday, 12 May 2002 7:36 AM
To: s4565@xxxxxxxxxxx
Cc: slug@xxxxxxxxxxx
Subject: Re: [SLUG] Configuration of sendmail to only accept mail from
localhost


Why do it in ipchains, why not do it in the sendmail.cf file.

Have a look at RH 7.1 or 7.2 (and maybe 7.0), that has localhost-only
access as the default.

On Sun, 12 May 2002 s4565@xxxxxxxxxxx wrote:

> Hi
>
> I am trying to set up ipchains to only allow sendmail to send/process/?
mail which is sent from my local machine
> 127.0.0.1(The machine I am running sendmail on).  Currently the default
settings from Redhat 7.2 are
>
> [snip]
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
> [snip]
>
> in /etc/sysconfig/ipchains
>
> which when I run ipchains --list gives me
>
> ot@shiomi root]# ipchains --list
> [snip]
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports
> ACCEPT     udp  ------  dns2.wakwak.com      anywhere
             domain ->   1025:65535
> ACCEPT     udp  ------  dns2.wakwak.com      anywhere
             domain ->   1025:65535
> ACCEPT     udp  ------  dns1.wakwak.com      anywhere
             domain ->   1025:65535
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->
smtp
> [snip]
>
> which to me looks a bit of a worry...I am not sure I like the "any-> smtp"
part, does this mean at the moment anyone
> can use my machine to send email?  What I want to know is what do I need
to do to both the /etc/sysconfig/ipchains file
> and /etc/sendmail* files to make it so my sendmail program will only
process "email send requests"(not sure of the
> right term here) from my local machine 127.0.0.1
>
> Cheers
>
> Tony
>
>

--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
 "I believe that forgiving them [terrorists] is God's function.
 Our job is simply to arrange the meeting."
   - General "Storm'n" Norman Schwartzkopf

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug