Urgent help -- How to deny access to sendmail??

**Lakshmipathi** · 12-09-2007

Hi all,
I want to accept 2 connections(10.182.4.113 and 10.182.3.113) and deny all other connections to my sendmail server.

my access tablle entry is

Code:

/etc/mail/access
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
10.182.4.113                    RELAY
10.182.3.113                    RELAY

Look forward for your help

**hazel** · 12-09-2007

You could use iptables to accept tcp traffic to your smtp port (I think this is port 25) from these two addresses, then reject it from any other source.

**mazer** · 12-09-2007

Originally Posted by Lakshmipathi

Hi all,
I want to accept 2 connections(10.182.4.113 and 10.182.3.113) and deny all other connections to my sendmail server.

my access tablle entry is

Code:

/etc/mail/access
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
10.182.4.113                    RELAY
10.182.3.113                    RELAY

Look forward for your help

You could also use hosts.deny and hosts.allow in order to configure your system.
For example, in hosts.deny you could write:
sendmail: ALL

And in hosts.allow:
sendmail: "the ip address you want to allow"

I am not sure if the syntax of hosts.allow and hosts.deny changes depending on the OS.
Just type "man hosts.allow" and "man hosts.deny" to find more information for your OS.

Cheers,
Mazer

**Lakshmipathi** · 12-10-2007

Thanks hazel & mazer.
As i don't know abt iptables,I think modifing /etc/hosts.allow , hosts.deny suits my requirement.I read about these two and found a new file /etc/inetd.conf.
Do i need to create this inetd.conf file too? currently i don't have this file.

**mazer** · 12-10-2007

Originally Posted by Lakshmipathi

Thanks hazel & mazer.
As i don't know abt iptables,I think modifing /etc/hosts.allow , hosts.deny suits my requirement.I read about these two and found a new file /etc/inetd.conf.
Do i need to create this inetd.conf file too? currently i don't have this file.

Hi Lakshmipathi,
you do not need the /etc/inetd.conf. I even like that you do not have installed that service.
inetd.conf configures some daemons like ftpd, telnetd, fingerd and so on that you do not really need (these days) and that are only a security risk. Inetd.conf handles how these daemons have to respond when somebody from the internet tries to access your computer using those daemons. I do not think that you can use inetd to restrict sendmail, but I am not sure about that. I am sure however that hosts.allow and hosts.deny do this job as well. When I configure my computers I always try to deinstall all services (daemons) which are not really necessary in order to decrease the security risk on these machines.

Hope this helps,
Mazer

**Lakshmipathi** · 12-11-2007

.Thanks mazer...Thanks for valuable info.

Thread Tools

Display

Urgent help -- How to deny access to sendmail??

Posting Permissions