Subject: Re: DNS-based firewalling?
To: None <netbsd-users@NetBSD.org>
From: Mike Parson <email@example.com>
Date: 02/07/2005 10:12:54
On Sun, Feb 06, 2005 at 05:36:53PM +0000, Matthias Scheler wrote:
> In article <Pine.NEB.firstname.lastname@example.org>,
> Florian Stoehr <email@example.com> writes:
>> I want to block all (ALL!) SMTP traffic from the whole "attbi.com"
>> IP address range for my private mail server.
> Try adding something like this in "/etc/hosts.allow":
> sendmail: ALL EXCEPT .attbi.com
> They'll be able to get a SMTP connection but not to deliver e-mail.
> But I would really recommend to use a better technology like e.g.
I've gotta second the greylisting suggestion, the greatest thing to
happen to email since SpamAssassin. =) Both of them together, I get <1
spam/month in my INBOX. The 8 or so I got in the last 48 hours wound up
in my spam folder for later perusal.
The better way to block a domain is in the mail access file:
makemap hash access <access
kill -HUP `head -1 /var/run/sendmail.pid`
My access file has nearly 400 such lines in it. =) Most of it is from
the pre-SA/pre-GL days, but it still serves its purpose (according to
graphdefang, 2058 rejected messages in the last 48 hours, for all of
bl.org, 8 active users).
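
Added example, not part of the original post: a pre-flight check for an access file of the size described above, run before the makemap and HUP steps. The function name lint_access, the sample entries and the list of accepted actions are assumptions made for this illustration; the action list covers common values only.

```shell
#!/bin/sh
# Lint a sendmail access file before rebuilding the map with makemap.
# Prints one diagnostic per problem and returns non-zero if any were found.
lint_access() {
    awk '
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    {
        # makemap folds keys to lower case unless -f is given,
        # so keys that differ only by case collide in the map.
        key = tolower($1)
        if (NF < 2) {
            printf "%d: no action for key %s\n", NR, $1
            bad++
            next
        }
        if (key in seen) {
            printf "%d: duplicate key %s (first on line %d)\n", NR, $1, seen[key]
            bad++
        } else {
            seen[key] = NR
        }
        act = $2
        # Common actions only (assumption): extend this list for your site.
        if (act !~ /^(OK|RELAY|REJECT|DISCARD|SKIP)$/ &&
            act !~ /^ERROR:/ && act !~ /^[45][0-9][0-9]$/) {
            printf "%d: unknown action %s\n", NR, act
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample input; the example.net/example.org names are placeholders.
sample_access() {
    cat <<'EOF'
# blocked senders
attbi.com           REJECT
spam.example.net    ERROR:550 mail refused
Attbi.COM           DISCARD
bad.example.org     REJCT
orphan.example.org
EOF
}

# Demo run on the constructed sample (reads stdin when no file is given).
sample_access | lint_access || true
```

Chaining it in front of the rebuild, as in `lint_access access && makemap hash access <access`, keeps a typo in one entry from reaching the live map.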