Ross S. W. Walker wrote:
If you have interfaces on the public Internet, then by all means
firewall them, if you need to allow SMTP traffic over those public
interfaces then allow port 25 from any host to localhost and use
Nomachine except yourself can talk to _your_ localhost because (almost)
everyone has their own localhost interface, and any attempt to talk to
localhost on another machine will fail, even if you set up your own to
do without localhost, because everyone's routing tables won't send the
traffic anywhere useful.
If you don't mean the interface (lo on linux) with ip address 127.0.0.1
(and hostname localhost), then don't use the name localhost.
sendmail's access controls (/etc/mail/access) to determine who can send
mail locally, relay mail etc. It's easier to control SMTP access within
SMTP application then through firewall which handles traffic at a lower
level.
years ago when I used sendmail, I found myself perpetually confused
about the sendmail access rules (and mail in general) and could never
get rules that worked. Possibly, part of the problem then was I'd not
learned to not trust any information provided by those trying to send
mail to me. For example:
I've just had a mishap with my mail service, I ran out of disk space and
caused lots of mail errors. Some of the mail I couldn't accept came from
hosts that introduced themselves:
ehlo friend
or
ehlo mail.home.intern
Obviously lies, so I tightened my postfix rules to reject incomplete
hostnames (friend) and unknown hosts (mail.home.intern).
When I was fiddling with sendmail's access rules, I was looking at
blocking email addresses, "from" domains, subjects & such. Absolutely
useless, of course, on my small scale.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
Please do not reply off-list
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
