Ross S. W. Walker wrote: > If you have interfaces on the public Internet, then by all means > firewall them, if you need to allow SMTP traffic over those public > interfaces then allow port 25 from any host to localhost and use Nomachine except yourself can talk to _your_ localhost because (almost) everyone has their own localhost interface, and any attempt to talk to localhost on another machine will fail, even if you set up your own to do without localhost, because everyone's routing tables won't send the traffic anywhere useful. If you don't mean the interface (lo on linux) with ip address 127.0.0.1 (and hostname localhost), then don't use the name localhost. > sendmail's access controls (/etc/mail/access) to determine who can send > mail locally, relay mail etc. It's easier to control SMTP access within > SMTP application then through firewall which handles traffic at a lower > level. years ago when I used sendmail, I found myself perpetually confused about the sendmail access rules (and mail in general) and could never get rules that worked. Possibly, part of the problem then was I'd not learned to not trust any information provided by those trying to send mail to me. For example: I've just had a mishap with my mail service, I ran out of disk space and caused lots of mail errors. Some of the mail I couldn't accept came from hosts that introduced themselves: ehlo friend or ehlo mail.home.intern Obviously lies, so I tightened my postfix rules to reject incomplete hostnames (friend) and unknown hosts (mail.home.intern). When I was fiddling with sendmail's access rules, I was looking at blocking email addresses, "from" domains, subjects & such. Absolutely useless, of course, on my small scale. -- Cheers John -- spambait 1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu Please do not reply off-list