[CentOS] Re: Sendmail restriction

Thu Aug 31 18:24:48 UTC 2006
Will McDonald <wmcdonald at gmail.com>

On 31/08/06, Ugo Bellavance <ugob at camo-route.com> wrote:
> Richard wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Les Mikesell wrote:
> >> On Thu, 2006-08-31 at 09:47 -0400, Ugo Bellavance wrote:
> >>> Hi,
> >>>
> >>>      I'm looking for a way, in sendmail, to set access rule, saying:
> >>>
> >>> Accept messages for domain.com only from this IP address.
> >>>
> >>> I did some research yesterday, but could only find a way to restrict by
> >>> IP for all domains managed by sendmail.
> >>>
> >>> Any ideas?
> >> It is overkill for this one job, but if you add MimeDefang
> >> (http://www.mimedefang.org) as a milter, you can easily add
> >> tests like that in perl in your filter code.  Well maybe it's
> >> not overkill compared to learning how to write sendmail
> >> rulesets in its own macro language - and if you want to add
> >> virus or spam scans it is a big win.
> >>
> >
> > Another option is to run another sendmail daemon configured to listen on
> > a non-standard port with its own cf and access files and have the sender
> > output to that port.
>
> That is a good idea, I'll see if I can do that in this specific
> situation.  Other ideas welcome :).

Working on from Richard's idea, run a separate daemon but on standard
ports and bound to an aliased IP and configure that Sendmail instance
to only allow SMTP to/from your customer. You could firewall that IP
too so only traffic to/from the customer was allowed.

The advantage there being minimal disruption to the end-user and you
can setup specific DNS records for {mail,smtp,pop}.customerdomain.tld
pointing to the aliased IP.

Will.