[CentOS] Sendmail restriction

Fri Sep 1 06:03:10 UTC 2006
Feizhou <feizhou at graffiti.net>

Ugo Bellavance wrote:
> Hi,
> 
>     I'm looking for a way, in sendmail, to set an access rule, saying:
> 
> Accept messages for domain.com only from this IP address.
> 
> I did some research yesterday, but could only find a way to restrict by 
> IP for all domains managed by sendmail.
> 
> Any ideas?

Yes, add a lookup to check the sending host IP against the domain and add
some rules to check. This has been tested in sendmail ruleset testing mode
only... you probably want to run some tests of your own.

E.g., your sendmail is configured to relay for example.org.

Add a domainip Berkeley DB, with this entry in domainip:

example.org 192.168.10.4


Add a map to sendmail.cf (after the access map in this example):

# Access list database (for spam stomping)
Kaccess hash -T<TMPF> -o /etc/mail/access.db

# Domain ip list
Kdomainip hash /etc/mail/domainip.db

# Configuration version number
DZ8.13.1


Add rules to check the sending host IP (client_addr) against the domain. Put
the four missing lines in your Local_check_rcpt ruleset. You cannot just
copy and paste from this mail. Put a tab/tabs between the $: and $#error
and the > character of each line.

######################################################################
###  check_rcpt -- check SMTP `RCPT TO:' command argument
######################################################################

SLocal_check_rcpt
R< $- @ $* >            $: < $(domainip $2 $: ? $) >
R<$&{client_addr}>      $: OK
R<?>                    $: OK
R<$*>                   $#error $@ 5.7.1 $: "550 Relaying denied"
Scheck_rcpt
R$*                     $: $1 $| $>"Local_check_rcpt" $1
R$* $| $#$*             $#$2
R$* $| $*               $@ $>"Basic_check_rcpt" $1
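
The reply above suggests running tests of your own. The following script is an added example, not part of the original post, that rebuilds the domainip map and feeds three probes to sendmail's address-test mode. The file paths, the second client address 192.168.10.99 and the domain example.net are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): probe Local_check_rcpt in
# sendmail address-test mode (-bt) with different client addresses.
# Assumed paths; the client IP 192.168.10.99 and example.net are constructed.
MAP_SRC=${MAP_SRC:-/etc/mail/domainip}   # text source: "example.org 192.168.10.4"
CF=${CF:-/etc/mail/sendmail.cf}          # the edited configuration file

# Emit the -bt commands for one probe: define {client_addr}, then run the
# ruleset on a recipient address.
bt_probe() {    # $1 = client IP, $2 = recipient
    printf '.D{client_addr}%s\n' "$1"
    printf 'Local_check_rcpt <%s>\n' "$2"
}

# The full probe script: one map lookup plus the three cases the rules
# distinguish.
bt_script() {
    printf '/map domainip example.org\n'      # should return 192.168.10.4
    bt_probe 192.168.10.4  user@example.org   # listed IP: rule 2 gives OK
    bt_probe 192.168.10.99 user@example.org   # other IP: rule 4 gives $#error
    bt_probe 192.168.10.99 user@example.net   # domain not in map: rule 3 gives OK
}

# Rebuild the map, then feed the probes to sendmail in test mode.
run_probes() {
    makemap hash "$MAP_SRC" < "$MAP_SRC" || return 1   # writes $MAP_SRC.db
    bt_script | sendmail -bt -C"$CF"
}

# "run" executes against the local sendmail; otherwise just print the probes.
if [ "${1:-}" = run ]; then
    run_probes
else
    bt_script
fi
```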