[CentOS] mail/access revisited

Craig White craigwhite at azapple.com
Sun Mar 12 22:33:53 UTC 2006

On Sun, 2006-03-12 at 16:53 -0500, Sam Drinkard wrote:
> Will McDonald wrote:
> > On 12/03/06, Sam Drinkard <sam at wa4phy.net> wrote:
> >   
> >>  A while back, I posted a note asking if anyone had any ideas why the
> >> /etc/mail/access file was not being parsed or utilized in the efforts to
> >> stop spam and junk mail.  I just looked over things again, and have still
> >> not found any reason why it still permits the TLD's I have listed to pass
> >> thru.  I also thought perhaps there might be some "upper limit" to the
> >> number of entries sendmail could handle.  What do the sendmail guru's think
> >> about that idea?  I may reduce the number of entries from the current 275
> >> +/- down to just the most offensive TLD's and see what happens.  Short of
> >> that, are there any other thoughts ya'll might have as to why it still
> >> passes the stuff I want blocked?
> >>     
> >
> > I don't know the ins-and-outs of Sendmail access well but does it base
> > its decision purely on the "From" address, which as we all know isn't
> > necessarily where a message originates. Or could it be basing the
> > access decision on the initial Received: from address, and/or that
> > addresses reverse lookup, in the header?
> >
> > In which case, a spam could originate from mail.blah.com and access
> > would accept it but the message itself would appear to come from
> > spammers at domain.ru. You'd accept the message inspite of having .ru
> > denied in your access.
> >
> > Just a thought.
> >
> > Will.
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> >
> >   
> As far as I know Will, sendmail looks at the access database, and will 
> not allow a connection from the sending host if that particular IP or 
> hostname happens to be in there.  The access list *used* to work, but as 
> I mentioned, I'm wondering if perhaps I've hit an upper limit or 
> exceeded a limit where nothing in there is being parsed now.  I don't go 
> by hostname when blocking.   I look at the sending host IP and block 
> that.  Headers from sendmail tell who or what connected to the port or 
> tried to connect.
it does if you use REJECT 

it also does things like ALLOW

and things like RELAY

I have never had a sendmail 'access' file with more than a few lines and
I don't think that it was actually intended to be a spam filter. There
are other very good methodologies for managing spam and sendmail is
quite capable of using them.


More information about the CentOS mailing list