John Merritt wrote:
I tried to secure ssh better by putting in an AllowUsers line in sshd_config. Then I thought tcp wrappers and just putting in my own addresses in /etc/hosts.allow would be even better, until I found out that all mail to my email server would be rejected.
There should be no problem here. Just disallow everything in /etc/hosts.deny and then enable particular ip addresses for sshd. And also enable the appropriate addresses for other services that you want to be available to various IP addresses. You can use the word ALL to indicate no restriction. e.g.:
sendmail:ALL
man hosts.allow should get you the information that you need.
But if you are remote to the machine, be careful you don't lock yourself out!
-Steve