[CentOS] Firewalling SMTP

Tue Jan 16 17:21:08 UTC 2007
denis at croombs.org <denis at croombs.org>

>
>> sending mail is not a standard POP feature, and it's not what sendmail
>> uses.
>>
>> Your choices for limiting access to sendmail include:
>> 1. Limiting the addresses it listens to. You don't want it listening
>> to public IP addresses.
>> 2. Using /etc/hosts.{allow,deny} to control what addresses sendmail
>> accepts connexions from.
>> 3. Using an external firewall to control who can connect to your mail
>> server. This is appropriate, for example, when you use ADSL and have a
>> "hardware" router manage your internet connexion. You can also choose
>> to use a PC in this role (I do it with an HP Vectra Pentium II running
>> Debian and Shorewall).
>> 4. Using netfilter on your mail server as above. See www.netfilter.org
>> and "man iptables."
>> 5. Sendmail (probably) has its own additional means of controlling who
>> can connect: I use Postfix, and for certain and sure Postfix has.
>>
> I'd like to add another idea to the list. You can use DRAC (Dynamic
> Relay Authorization Control) to dynamically update your SMTP relay
> rules. We used to use this at one of my previous employers. You're users
> must make a POP or IMAP email check, and then DRAC will dynamically add
> a rule to your relay access filters for them.
>
> http://mail.cc.umanitoba.ca/drac/
>
> -Shawn
Hi Shawn

Thanks that looks like the perfect solution, I will give it a try.

Regards

Denis