sendmail and hosts_access(5)

Giorgos Keramidas keramida at ceid.upatras.gr
Wed Sep 13 20:12:39 PDT 2006 

On 2006-09-13 19:37, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> On 2006-09-13 11:14, Kevin Kinsey <kdk at daleco.biz> wrote:
> > Hello all,
> > 
> > I am attempting to block an SMTP server with /etc/hosts.allow:
> > 
> > ----------------------------------------------------------
> > Received: from 241net251.net.zeork.com.pl (241net251.net.zeork.com.pl
> > [194.117.241.251] (may be forged))
> > ----------------------------------------------------------
> > [506] Tue 12.Sep.2006 20:55:44
> > [kadmin at archangel][~]
> > #ssh kadmin at elisha grep zeork /home/kadmin/spammers
> > .net.zeork.com.pl
> > 
> > [507] Tue 12.Sep.2006 20:56:55
> > [kadmin at archangel][~]
> > #ssh kadmin at elisha grep /home/kadmin/spammers /etc/hosts.allow
> > sendmail : /home/kadmin/spammers : deny
> > --------------------------------------------------------------
> > 
> > hosts_access(5) says this:
> >       The access control language implements the following patterns:
> >        * A string that begins with  a  `.'  character.  A  host
> > 	name is matched  if the last components of its name match the
> > 	specified pattern.  For example, the pattern `.tue.nl'  matches
> > 	the host name `wzv.win.tue.nl'
> > 
> > So, why does my server continue accepting SMTP connections from 
> > "241net251.net.zeork.com.pl" ?
> > 
> > Thoughts, pointers, gentle kicks on the bum welcomed.
> 
> I don't think you can have the hostnames in a separate "map file" and
> then reference this file from /etc/hosts.allow.

... and I'm wrong of course.  Alex Zbyslaw pointed out that I had missed
the part of the manpage which refers to this:

    o    A string that begins with a `/' character is treated as a file
         name.  A host name or address is matched if it matches any host
         name or address pattern listed in the named file. The file for-
         mat  is zero  or more  lines  with zero  or more  host name  or
         address patterns separated by  whitespace.  A file name pattern
         can  be used anywhere  a host  name or  address pattern  can be
         used.

Sorry for the confusion :-/

More information about the freebsd-questions mailing list