[CentOS] Firewalling SMTP

Sun Jan 14 22:20:56 UTC 2007
John Summerfield <debian at herakles.homelinux.org>

Denis Croombs wrote:
> I have a Centos server and I want to only accept mail for the local users
> from 3 mail servers, but I still want the users to be able to send emails
> through this server, If I firewall the SMTP port to my 3 mail servers is
> there any way users will be able to still send via the main POP server ?
> (currently using Sendmails SMTP-Auth)

sending mail is not a standard POP feature, and it's not what sendmail uses.

Your choices for limiting access to sendmail include:
1. Limiting the addresses it listens to. You don't want it listening to 
public IP addresses.
2. Using /etc/hosts.{allow,deny} to control what addresses sendmail 
accepts connexions from.
3. Using an external firewall to control who can connect to your mail 
server. This is appropriate, for example, when you use ADSL and have a 
"hardware" router manage your internet connexion. You can also choose to 
use a PC in this role (I do it with an HP Vectra Pentium II running 
Debian and Shorewall).
4. Using netfilter on your mail server as above. See www.netfilter.org 
and "man iptables."
5. Sendmail (probably) has its own additional means of controlling who 
can connect: I use Postfix, and for certain and sure Postfix has.

Note that smtp-auth controls (effectively) people, without regard for 
where they actually are on the Internet. If I kbow an account name and 
password for your system, I can use your servers from here in Western 
Australia unless use use one of the options above.

None of the options above has any implications for people sending email 
through your mail service provided that they are physically attached to 
some place you've authoriseed as above.



-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list