sendmail/saslauthd Domain Blocking

Per Hedeland per at
Mon Oct 7 16:56:59 UTC 2019

On 2019-10-07 16:48, Tim Daneliuk wrote:
> I block unwanted domains from sending mail to one of our servers by
> putting it on the reject list in /etc/mail/access.
> I am seeing distributed brute force attempts to use that same
> server as a relay.  These are coming from a few domains.
> So far, these attempts have failed but I'd like to be proactive in
> preventing future such intrusions.
> Is there an equivalent way to block entire domains and/or subdomains
> from ever even connecting to saslauthd?

I'm not sure exactly what you're asking, since you seem to already
have the answer... At least in the context of sendmail (and I believe
it is the same in other contexts), no external entities connect
directly to saslauthd, only sendmail does that. So you need to reject
connections from those domains to sendmail - which you can do with
e.g. access_db a.k.a. /etc/mail/access. E.g. an entry   REJECT

will reject connections from hosts that have an IP address that
reverse-resolves to anything in the domain. See
/usr/share/sendmail/cf/README for the details.

Of course using a firewall of your choice (ipf/pf/ipfw) may be an
alternative, to block the connections before they even reach sendmail
- they can't work with "domains", but IP address ranges may be equally

--Per Hedeland
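
Added example, not part of Per Hedeland's message or of sendmail: a small Python sketch that groups failed AUTH attempts from a mail log by the client's reverse-resolved domain, proposing /etc/mail/access entries, and falls back to /24 ranges for a firewall when the client has no reverse name. The log lines are constructed, and the `relay=` layout, the two-label domain rule and the `min_hosts` threshold are assumptions to adapt to your own logs.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of sendmail AUTH-failure log entries.
SAMPLE_LOG = """\
Oct  7 16:40:01 mx sm-mta[1201]: x97Ge1aa001201: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=a1.pool.example.net [203.0.113.5]
Oct  7 16:40:09 mx sm-mta[1202]: x97Ge9ab001202: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=b7.pool.example.net [203.0.113.77]
Oct  7 16:40:15 mx sm-mta[1203]: x97GeFac001203: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=a1.pool.example.net [203.0.113.5]
Oct  7 16:41:02 mx sm-mta[1204]: x97Gf2ad001204: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=mail.example.org [192.0.2.10]
Oct  7 16:41:30 mx sm-mta[1205]: x97GfUae001205: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.7]
Oct  7 16:41:44 mx sm-mta[1206]: x97Gfiaf001206: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.23]
Oct  7 16:42:00 mx sm-mta[1207]: x97Gg0ag001207: from=<user@example.com>, size=1200, nrcpts=1, relay=ok.example.com [192.0.2.50]
"""

# Assumed layout: "relay=host.name [a.b.c.d]", or "relay=[a.b.c.d]" without reverse DNS.
RELAY_RE = re.compile(r"AUTH failure .*relay=(?:(?P<host>[\w.-]+) )?\[(?P<ip>[0-9.]+)\]")

def suggest_blocks(log_text, min_hosts=2):
    """Return (access_db entries, firewall CIDR ranges) for repeat offenders."""
    by_domain = defaultdict(set)  # domain -> distinct client IPs
    by_net = defaultdict(set)     # /24 network -> distinct IPs lacking a reverse name
    for line in log_text.splitlines():
        m = RELAY_RE.search(line)
        if not m:
            continue  # not an AUTH failure line
        ip = ipaddress.ip_address(m["ip"])
        if m["host"]:
            # Naive assumption: the last two labels form the domain (wrong for e.g. co.uk).
            domain = ".".join(m["host"].lower().rstrip(".").split(".")[-2:])
            by_domain[domain].add(ip)
        else:
            # No reverse name, so an access_db domain entry cannot match: use an IP range.
            by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    access = sorted(f"Connect:{d}\tREJECT"
                    for d, ips in by_domain.items() if len(ips) >= min_hosts)
    nets = sorted(str(n) for n, ips in by_net.items() if len(ips) >= min_hosts)
    return access, nets

if __name__ == "__main__":
    access_entries, cidrs = suggest_blocks(SAMPLE_LOG)
    print("# candidate /etc/mail/access entries")
    print("\n".join(access_entries))
    print("# candidate firewall ranges (no reverse DNS)")
    print("\n".join(cidrs))
```

Review the candidates by hand before adding them, since a domain entry rejects every host whose address reverse-resolves into that domain.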

More information about the freebsd-questions mailing list