[Mimedefang] Locking down sendmail from behind a filtering gateway

John Von Essen john at quonix.net
Tue Feb 17 14:29:16 EST 2015


I am actually not running MD on the mail server, just on the filtering
devices that sit in front.

But yes, I never even thought of that, I could use MD on the mail server and
implement the reject/allow logic. I was just trying to see if there was a
native way to do it in sendmail. If I had 2nd NICs on all the servers, I
could do it that way via backdoor network.


-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of David F.
Sent: Tuesday, February 17, 2015 1:20 PM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Locking down sendmail from behind a filtering

On Tue, 17 Feb 2015 12:19:34 -0500
John Von Essen <john at quonix.net> wrote:

> Any thoughts, the filtering gateways only have 1 NIC. Worst case, I 
> can put a firewall on the mail server, but I didn't want to have to do 
> that. Is there a way to make sendmail deny everything by default?

You're using MIMEDefang, right?

sub filter_relay
	my ($ip) = @_;
	if ($ip ne '' &&
	    $ip ne 'X.X.X.X' &&
	    $ip ne 'ipv6:ipv6::ipv6') {
	    return('REJECT', 'Unauthorized');
	return ('CONTINUE', '');

NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang
mailing list MIMEDefang at lists.roaringpenguin.com

More information about the MIMEDefang mailing list