[Mimedefang] Locking down sendmail from behind a filtering gateway

Kees Theunissen C.J.Theunissen at differ.nl
Tue Feb 17 16:33:46 EST 2015


On Tue, 17 Feb 2015, John Von Essen wrote:

>Initially I thought I could do this with the access table, i.e.
>
>Connect:1		REJECT
>Connect:2		REJECT
>?
>?
>Connect:254		REJECT
>Connect:127.0.0.1	OK
>Connect: X.X.X.X	OK
>
>Where X.X.X.X is the IP of my filtering gateway. I ?think? the above
>works, I did it once before a long time ago. But the problem is my mail
>server is also IPv6, so doing the above for IPv6 is not practical.
>
>Any thoughts, the filtering gateways only have 1 NIC. Worst case, I can
>put a firewall on the mail server, but I didn?t want to have to do that.
>Is there a way to make sendmail deny everything by default?


Not tested but the line below should work as catch-all rule for IPv6.


Connect:IPv6	REJECT



Regards,

Kees Theunissen.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)30 6096724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address:   C.J.Theunissen at differ.nl
postal address:   PO Box 1207, 3430 BE Nieuwegein, NL
visitors address: Edisonbaan 14, 3439 MN Nieuwegein, NL




More information about the MIMEDefang mailing list