Re: R: Problemi sendmail

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Febbraio 2004 ml@sikurezza.org
Soggetto: Re: R: Problemi sendmail
Mittente: ~MeRliNo
Data: 9 Feb 2004 19:13:25 -0000

On Fri, 6 Feb 2004 12:21:21 +0100, VITALETTI GABRIELE wrote:

>>>FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
>>>FEATURE(blacklist_recipients)
>Le FEATURE che inserisco sono le stesse tranne che utilizzo
>FEATURE(access_db)
>Credi che sia il caso di metterla completa?

Dipende dalla versione di Sendmail che stai utilizzando e sopratutto
dal tipo di piattaforma. 
cmq qui c'e' scritto tutto: http://www.sendmail.org/m4/anti_spam.html.
Qui c'e' anche scritto come utilizzare la blacklist_recipients

badlocaluser@		ERROR:550 Mailbox disabled for this
username
host.mydomain.com	ERROR:550 That host does not accept mail
user@xxxxxxxxxxxxxxxxxxxxxx	ERROR:550 Mailbox disabled for this
recipient

>Comunque, se faccio una modifica al file access (per esempio un REJECT su un
>indirizzo oppure un RELAY su un server) le modifiche vengono accettate:
>sembra che proprio i tag TO: e CONNECT: vengano ignorati.

Ancora sul manuale di SendMail ed anche in questo caso deve essere
abilitata la blacklist_features:

Read this section only if the options listed so far are not sufficient
for your purposes. There is now the option to tag entries in the access
map according to their type. Three tags are available: 

Connect:	connection information (${client_addr}, ${client_name})
From:		envelope sender
To:		envelope recipient

If the required item is looked up in a map, it will be tried first with
the corresponding tag in front, then (as fallback to enable backward
compatibility) without any tag, unless the specific feature requires a
tag. For example, 

From:spammer@xxxxxxxx	REJECT
To:friend.domain	RELAY
Connect:friend.domain	OK
Connect:from.domain	RELAY
From:good@xxxxxxxxxxx	OK
From:another.dom	REJECT
This would deny mails from spammer@xxxxxxxx but you could still send
mail to that address even if FEATURE(`blacklist_recipients') is
enabled. Your system will allow relaying to friend.domain, but not from
it (unless enabled by other means). Connections from that domain will
be allowed even if it ends up in one of the DNS based rejection lists.
Relaying is enabled from from.domain but not to it (since relaying is
based on the connection information for outgoing relaying, the tag
Connect: must be used; for incoming relaying, which is based on the
recipient address, To: must be used). The last two entries allow mails
from good@xxxxxxxxxxx but reject mail from all other addresses with
another.dom as domain part. 

----------
~MeRliNo
Network Manager - Red Hat Certified Engineer
ICDN & ICT Specialist - Adv Linux Security

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List

In risposta a:
- R: Problemi sendmail, VITALETTI GABRIELE

Data:
- precedente: Re:Info su Microsoft ISA Server, softice\@libero\.it
- successivo: Re: titolare dei dati, carlo d'annunzio
- indice

Argomento:
- precedente: R: Problemi sendmail, VITALETTI GABRIELE
- successivo: RE: Aruba, hosting windows, PHP e oggetti COM, X-MaD
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005