rejecting "FROM" domain unless sending MTA is on specific IP address ranges
I have a sendmail 8.12 server ( Red Hat Enterprise v5 )
It is on the DMZ.
It receives mail only (no sending).
It checks incoming mail recipients against an LDAP server and rejects
the recipient if it isn't valid.
It only accepts mail if the recipient is verified, and then it
forwards it to our internal mail systems.
I would like to reject mail if the sender address domain is
"mydomain.com"
I have done that using /etc/mail/access with a line like this:
From:mydomain.com ERROR:550 we only accept sender address in mydomain.com if the sending server is on our subnet
I would like to ACCEPT mail with the sender address "mydomain.com" if
the server is on one of our subnets,
for example: 192.168.x.x or 172.17.x.x
I tried adding entries into "/etc/mail/access" like this: (doesn't
seem to work?)
172.17 OK
I also tried "RELAY" or "SKIP" and tried putting the lines before and/
or after the ERROR:550 directive.
None of the combinations seem to work.
I did do the "makemap hash" after each change.
What am I missing here?
Re: rejecting "FROM" domain unless sending MTA is on specific IP address ranges
In article <1190137891.967204.34510 [at] w3g2000hsg.googlegroups.com>,
Ben Russo USA <ben [at] muppethouse.net> wrote:
>I have a sendmail 8.12 server ( Red Hat Enterprise v5 )
>It is on the DMZ.
>It receives mail only (no sending).
>It checks incoming mail recipients against an LDAP server and rejects
>the recipient if it isn't valid.
>It only accepts mail if the recipient is verified, and then it
>forwards it to our internal mail systems.
>
>I would like to reject mail if the sender address domain is
>"mydomain.com"
>I have done that using /etc/mail/access with a line like this:
>
> From:mydomain.com ERROR:550 we only accept sender address in mydomain.com if the sending server is on our subnet
>
>I would like to ACCEPT mail with the sender address "mydomain.com" if
>the server is on one of our subnets,
>for example: 192.168.x.x or 172.17.x.x
>
>I tried adding entries into "/etc/mail/access" like this: (doesn't
>seem to work?)
>
> 172.17 OK
>
>I also tried "RELAY" or "SKIP" and tried putting the lines before and/
>or after the ERROR:550 directive.
>None of the combinations seem to work.
>I did do the "makemap hash" after each change.
>
>What am I missing here?
>
a) you want to specify an 'ok' _before_ the Error line
b) you may need to qualify the item with 'Connect:'
Try: Connect:172.17 OK