[CentOS] mail/access revisited

Sam Drinkard sam at wa4phy.net
Sun Mar 12 21:53:49 UTC 2006 

Will McDonald wrote:
> On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
>   
>>  A while back, I posted a note asking if anyone had any ideas why the
>> /etc/mail/access file was not being parsed or utilized in the efforts to
>> stop spam and junk mail.  I just looked over things again, and have still
>> not found any reason why it still permits the TLD's I have listed to pass
>> thru.  I also thought perhaps there might be some "upper limit" to the
>> number of entries sendmail could handle.  What do the sendmail guru's think
>> about that idea?  I may reduce the number of entries from the current 275
>> +/- down to just the most offensive TLD's and see what happens.  Short of
>> that, are there any other thoughts ya'll might have as to why it still
>> passes the stuff I want blocked?
>>     
>
> I don't know the ins-and-outs of Sendmail access well but does it base
> its decision purely on the "From" address, which as we all know isn't
> necessarily where a message originates. Or could it be basing the
> access decision on the initial Received: from address, and/or that
> addresses reverse lookup, in the header?
>
> In which case, a spam could originate from mail.blah.com and access
> would accept it but the message itself would appear to come from
> spammers at domain.ru. You'd accept the message inspite of having .ru
> denied in your access.
>
> Just a thought.
>
> Will.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
>   

As far as I know Will, sendmail looks at the access database, and will 
not allow a connection from the sending host if that particular IP or 
hostname happens to be in there.  The access list *used* to work, but as 
I mentioned, I'm wondering if perhaps I've hit an upper limit or 
exceeded a limit where nothing in there is being parsed now.  I don't go 
by hostname when blocking.   I look at the sending host IP and block 
that.  Headers from sendmail tell who or what connected to the port or 
tried to connect.

Sam

More information about the CentOS mailing list