Subject: Re: DNS-based firewalling?
To: None <>
From: Mike Parson <>
List: netbsd-users
Date: 02/07/2005 10:12:54
On Sun, Feb 06, 2005 at 05:36:53PM +0000, Matthias Scheler wrote:
> In article <>,
> 	Florian Stoehr <> writes:
>> I want to block all (ALL!) SMTP traffic from the whole "" 
>> IP address range for my private mail server.
> Try adding something like this in "/etc/hosts.allow":
> sendmail: ALL EXCEPT
> They'll be able to get a SMTP connection but not to deliver e-mail.
> But I would really recommend to use a better technology like e.g.
> Greylisting.

I've gotta second the greylisting suggestion, the greatest thing to
happen to email since SpamAssassin. =) Both of them together, I get <1
spam/month in my INBOX.  The 8 or so I got in the last 48 hours wound up
in my spam folder for later perusal.

The better way to block a domain is in the mail access file:

/etc/mail/access	REJECT

makemap hash access <access

kill -HUP `head -1 /var/run/`

My access file has nearly 400 such lines in it. =) Most of it is from
the pre-SA/pre-GL days, but it still serves its purpose (according to
graphdefang, 2058 rejected messages in the last 48 hours, for all of, 8 active users).

Michael Parson
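
Added example, not part of the original message or of sendmail itself: a simplified Python model of how an untagged access-file entry such as the REJECT line above is matched against a connecting client, first by resolved host name and then by IPv4 address. The domain spam.example, the sample entries and the function names are constructed for illustration, and tagged keys such as Connect: are left out.

```python
# Simplified model of an access-map lookup for a connecting client.
# Assumption: untagged keys only; real sendmail rulesets do more than this.

SAMPLE_ACCESS = """\
# constructed sample entries (spam.example is a placeholder domain)
spam.example\tREJECT
good.spam.example\tOK
192.0.2\tREJECT
"""

def parse_access(text):
    """Parse 'key<whitespace>value' lines into a dict, skipping comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table

def candidates(client):
    """Keys tried for a host name or IPv4 address, most specific first."""
    if not client:
        return []  # reverse DNS gave no name: nothing to match by domain
    parts = client.lower().rstrip(".").split(".")
    if all(p.isdigit() for p in parts):
        # IPv4 address: drop octets from the right (192.0.2.55 -> 192.0.2 ...)
        return [".".join(parts[:i]) for i in range(len(parts), 0, -1)]
    # Host name: drop labels from the left (mx1.spam.example -> spam.example ...)
    return [".".join(parts[i:]) for i in range(len(parts))]

def lookup(table, client_name, client_addr):
    """Return (matching key, action) for the first hit, else (None, None)."""
    for key in candidates(client_name) + candidates(client_addr):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table = parse_access(SAMPLE_ACCESS)
    for name, addr in [("mx1.spam.example", "198.51.100.7"),
                       ("good.spam.example", "198.51.100.8"),
                       ("", "198.51.100.9"),   # no PTR record: domain entry misses
                       ("", "192.0.2.55")]:    # caught by the network prefix instead
        print(name or "(unresolved)", addr, lookup(table, name, addr))
```

The third sample client shows the limit of blocking by domain name: a host with no reverse DNS name is not covered by the domain entry, only by an address-prefix entry.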