[CentOS] Firewalling SMTP

Tue Jan 16 17:14:29 UTC 2007
Shawn K. O'Shea <shawn at ll.mit.edu>

> sending mail is not a standard POP feature, and it's not what sendmail 
> uses.
>
> Your choices for limiting access to sendmail include:
> 1. Limiting the addresses it listens to. You don't want it listening 
> to public IP addresses.
> 2. Using /etc/hosts.{allow,deny} to control what addresses sendmail 
> accepts connexions from.
> 3. Using an external firewall to control who can connect to your mail 
> server. This is appropriate, for example, when you use ADSL and have a 
> "hardware" router manage your internet connexion. You can also choose 
> to use a PC in this role (I do it with an HP Vectra Pentium II running 
> Debian and Shorewall).
> 4. Using netfilter on your mail server as above. See www.netfilter.org 
> and "man iptables."
> 5. Sendmail (probably) has its own additional means of controlling who 
> can connect: I use Postfix, and for certain and sure Postfix has.
>
I'd like to add another idea to the list. You can use DRAC (Dynamic 
Relay Authorization Control) to dynamically update your SMTP relay 
rules. We used to use this at one of my previous employers. Your users 
must make a POP or IMAP email check, and then DRAC will dynamically add 
a rule to your relay access filters for them.

http://mail.cc.umanitoba.ca/drac/

-Shawn
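
The POP-before-SMTP approach described in the message above, as an added sketch (not part of the original post and not DRAC's own code): a successful POP/IMAP login opens a time-limited relay window for the client's IP. The log format, the 30-minute window, and the names `RelayTable` and `load_logins` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not from a real POP/IMAP daemon).
SAMPLE_LOG = """\
2007-01-16T17:00:05 pop3d: LOGIN ok user=alice ip=192.0.2.10
2007-01-16T17:01:40 pop3d: LOGIN failed user=bob ip=198.51.100.7
2007-01-16T17:20:00 imapd: LOGIN ok user=carol ip=203.0.113.25
"""

LOGIN_OK = re.compile(r"^(\S+) \w+: LOGIN ok user=\S+ ip=(\S+)$")

class RelayTable:
    """Time-limited allow-list of client IPs that recently authenticated."""

    def __init__(self, ttl_minutes=30):  # window length is an assumption
        self.ttl = timedelta(minutes=ttl_minutes)
        self.expires = {}  # ip -> datetime when relay permission lapses

    def record_login(self, ip, when):
        # A fresh successful login (re)starts the window for that IP.
        self.expires[ip] = when + self.ttl

    def may_relay(self, ip, now):
        # Drop stale entries so a reassigned dynamic IP does not inherit access.
        deadline = self.expires.get(ip)
        if deadline is None:
            return False
        if now >= deadline:
            del self.expires[ip]
            return False
        return True

def load_logins(table, log_text):
    """Feed successful logins from log_text into table; return how many were added."""
    count = 0
    for line in log_text.splitlines():
        m = LOGIN_OK.match(line)
        if m:
            table.record_login(m.group(2), datetime.fromisoformat(m.group(1)))
            count += 1
    return count

if __name__ == "__main__":
    table = RelayTable()
    load_logins(table, SAMPLE_LOG)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.25"):
        print(ip, table.may_relay(ip, datetime(2007, 1, 16, 17, 31)))
```

Because the permission is tied to an address rather than to the user, everyone behind the same NAT address shares the window, which is why the expiry should be kept short.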