Questions regarding /etc/mail/access

markng · 08-16-2002, 04:35 AM

Hi all,

I'm confused as to how I should enter the network address in the access file.

I'm currently running on a class C IP Network with a subnet of 255.255.255.224

I've tried the following and all does not work

x.x.x.0/255.255.255.224 RELAY
x.x.x.0 255.255.255.224 RELAY
x.x.x.0/27 RELAY

The strange this is that x.x.x.0/255.255.255.224 format works in /etc/hosts.allow

The only thing that works is

x.x.x RELAY

but this also allow others outside the subnet to send via this server. Another alternative that works is listing all the individual IP addresses which is a pain.

So guys.. any ideas?

Thanks in advance!!

-Mark

markng · 08-16-2002, 04:36 AM

Sorry I forgot to mention.. its running on Red Hat Linux 7.3

peter_robb · 08-16-2002, 11:46 AM

Sendmail doesn't use .../mail/access as a text file.
You must use makefile to create the .db file.

Check out the /sendmail.cf file for details.

Regards,
Peter.

unSpawn · 08-16-2002, 12:00 PM

OTOH if it's the format you're looking for it's
<parts you want to match> <errorcode> <message> like in
microsoft.com 550 Go away
microshaft.com OK
123.456.789 OK
123.456.789.133 550 Go away you 133T spammer

then do the makemap shuffle.

acid_kewpie · 08-16-2002, 12:47 PM

Quote:

Originally posted by peter_robb
Sendmail doesn't use .../mail/access as a text file.
You must use makefile to create the .db file.

Check out the /sendmail.cf file for details.

Regards,
Peter.

most versions of sendmail recompile the access_db whenever the daemon is started, i know it works fine to just change the text file and reload.

markng · 08-16-2002, 07:09 PM

Hi guys,

Thx for replying.

Yes, I did do that makemap hash /etc/mail/access < /etc/mail/access

Its just that when I try to allow access to a certain subnet using the format I just mentioned (e.g x.x.x.x/255.255.255.224) it doesn't work.. meaning the it wont allow me to send my mails even though I belong in that IP range. However if I enter (x.x.x ) i.e allowing the whole Class C network, then I can send. However this will also allow others in the particular Class C network to send which I don't want to.

That's why I was wondering if my way of entering those 'rules' are wrong.

Thx again!

peter_robb · 08-19-2002, 09:29 AM

New knowledge is good...
Thanks.

Reading the '/usr/share/sendmail-cf/README' file, that format is names or numbers, not masks.

For subnet mask control, add them to your iptables scripts.
eg
iptables -I INPUT -p tcp -s xxx.xxx.xxx.xxx/xx --dport 25 -j REJECT --reject-with icmp-host-prohibited

Regards,
Peter.