/etc/mail/access IP entries

28/09/2006, 21h35

Hi all,

Just curious if the /etc/mail/access db interpreter is CIDR aware. For
example, can I add an entry like this:

192.168.0.0/23 reject

and expect Sendmail to reject any and all mail from the source addresses of
192.168.0.0 - 192.168.1.255?

TIA,

Alex Moen
NDTC

28/09/2006, 21h56

On Thu, 28 Sep 2006 15:35:17 -0500, Alex Moen <alexm@ndtel.com> wrote:
> Hi all,

> Just curious if the /etc/mail/access db interpreter is CIDR aware. For
> example, can I add an entry like this:

> 192.168.0.0/23 reject

> and expect Sendmail to reject any and all mail from the source addresses of
> 192.168.0.0 - 192.168.1.255?

According to:

www.sendmail.org/tips/relaying.html

(scroll to the bottom), you can use subnetting like this:

192.168.0 REJECT
192.168.1 REJECT

which isn't quite what you asked, but gives the required result.

--
Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)

28/09/2006, 22h28

"Dale Dellutri" <ddelQQQlutr@panQQQix.com> wrote in message
news:efhcur$mm0$1@reader1.panix.com...
> On Thu, 28 Sep 2006 15:35:17 -0500, Alex Moen <alexm@ndtel.com> wrote:
>> Hi all,
>
>> Just curious if the /etc/mail/access db interpreter is CIDR aware. For
>> example, can I add an entry like this:
>
>> 192.168.0.0/23 reject
>
>> and expect Sendmail to reject any and all mail from the source addresses
>> of
>> 192.168.0.0 - 192.168.1.255?
>
> According to:
>
> www.sendmail.org/tips/relaying.html
>
> (scroll to the bottom), you can use subnetting like this:
>
> 192.168.0 REJECT
> 192.168.1 REJECT
>
> which isn't quite what you asked, but gives the required result.
>
>
> --
> Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)

OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping that
Sendmail had been updated to allow this... 1 or 2 /24's are no problem, but
when you want to block multiple /8's it does become quite daunting. Guess
I'll have to find a better way to do this than the built-in Sendmail stuff.

Thanks!

Alex

29/09/2006, 00h39

"Alex Moen" <alexm@ndtel.com> writes:
>OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping that
>Sendmail had been updated to allow this... 1 or 2 /24's are no problem, but
>when you want to block multiple /8's it does become quite daunting. Guess
>I'll have to find a better way to do this than the built-in Sendmail stuff.

You should be able to do /8 by just specifying the first octet, or
/16 with x.y as the key. What you can't do is anything not on an
octet boundary.

29/09/2006, 01h35

"Lone Locust of the Apocalypse" <zorak@ninthbit.com> wrote in message
news:v2ZSg.5444$lq.1180@newsread1.mlpsca01.us.to.v erio.net

>> OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping
>> that Sendmail had been updated to allow this... 1 or 2 /24's are no
>> problem, but when you want to block multiple /8's it does become
>> quite daunting. Guess I'll have to find a better way to do this
>> than the built-in Sendmail stuff.
>
> You should be able to do /8 by just specifying the first octet, or
> /16 with x.y as the key. What you can't do is anything not on an
> octet boundary.

One can certainly use the ${SOURCE}/contrib/cidrexpand Perl script to make
such an operation easier, e.g.:

echo "
Connect:205.199.0.0/21 REJECT
Connect:213.0.0.0/14 REJECT
" | ./cidrexpand # | makemap hash /etc/mail/access

29/09/2006, 21h47

"ynotssor" <ynotssor@example.net> wrote in message
news:4o382eFck4kvU1@individual.net...
> "Lone Locust of the Apocalypse" <zorak@ninthbit.com> wrote in message
> news:v2ZSg.5444$lq.1180@newsread1.mlpsca01.us.to.v erio.net
>
>>> OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping
>>> that Sendmail had been updated to allow this... 1 or 2 /24's are no
>>> problem, but when you want to block multiple /8's it does become
>>> quite daunting. Guess I'll have to find a better way to do this
>>> than the built-in Sendmail stuff.
>>
>> You should be able to do /8 by just specifying the first octet, or
>> /16 with x.y as the key. What you can't do is anything not on an
>> octet boundary.
>
> One can certainly use the ${SOURCE}/contrib/cidrexpand Perl script to make
> such an operation easier, e.g.:
>
> echo "
> Connect:205.199.0.0/21 REJECT
> Connect:213.0.0.0/14 REJECT
> " | ./cidrexpand # | makemap hash /etc/mail/access
>

OK, that's workable... Thanks for the !

Alex

28/09/2006, 21h35	#1 (permalink)
Alex Moen Messages: n/a Hébergeur:	/etc/mail/access IP entries Hi all, Just curious if the /etc/mail/access db interpreter is CIDR aware. For example, can I add an entry like this: 192.168.0.0/23 reject and expect Sendmail to reject any and all mail from the source addresses of 192.168.0.0 - 192.168.1.255? TIA, Alex Moen NDTC

28/09/2006, 21h56	#2 (permalink)
Dale Dellutri Messages: n/a Hébergeur:	Re: /etc/mail/access IP entries On Thu, 28 Sep 2006 15:35:17 -0500, Alex Moen <alexm@ndtel.com> wrote: > Hi all, > Just curious if the /etc/mail/access db interpreter is CIDR aware. For > example, can I add an entry like this: > 192.168.0.0/23 reject > and expect Sendmail to reject any and all mail from the source addresses of > 192.168.0.0 - 192.168.1.255? According to: www.sendmail.org/tips/relaying.html (scroll to the bottom), you can use subnetting like this: 192.168.0 REJECT 192.168.1 REJECT which isn't quite what you asked, but gives the required result. -- Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's)

28/09/2006, 22h28	#3 (permalink)
Alex Moen Messages: n/a Hébergeur:	Re: /etc/mail/access IP entries "Dale Dellutri" <ddelQQQlutr@panQQQix.com> wrote in message news:efhcur$mm0$1@reader1.panix.com... > On Thu, 28 Sep 2006 15:35:17 -0500, Alex Moen <alexm@ndtel.com> wrote: >> Hi all, > >> Just curious if the /etc/mail/access db interpreter is CIDR aware. For >> example, can I add an entry like this: > >> 192.168.0.0/23 reject > >> and expect Sendmail to reject any and all mail from the source addresses >> of >> 192.168.0.0 - 192.168.1.255? > > According to: > > www.sendmail.org/tips/relaying.html > > (scroll to the bottom), you can use subnetting like this: > > 192.168.0 REJECT > 192.168.1 REJECT > > which isn't quite what you asked, but gives the required result. > > > -- > Dale Dellutri <ddelQQQlutr@panQQQix.com> (lose the Q's) OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping that Sendmail had been updated to allow this... 1 or 2 /24's are no problem, but when you want to block multiple /8's it does become quite daunting. Guess I'll have to find a better way to do this than the built-in Sendmail stuff. Thanks! Alex

29/09/2006, 00h39	#4 (permalink)
Lone Locust of the Apocalypse Messages: n/a Hébergeur:	Re: /etc/mail/access IP entries "Alex Moen" <alexm@ndtel.com> writes: >OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping that >Sendmail had been updated to allow this... 1 or 2 /24's are no problem, but >when you want to block multiple /8's it does become quite daunting. Guess >I'll have to find a better way to do this than the built-in Sendmail stuff. You should be able to do /8 by just specifying the first octet, or /16 with x.y as the key. What you can't do is anything not on an octet boundary.

29/09/2006, 01h35	#5 (permalink)
ynotssor Messages: n/a Hébergeur:	Re: /etc/mail/access IP entries "Lone Locust of the Apocalypse" <zorak@ninthbit.com> wrote in message news:v2ZSg.5444$lq.1180@newsread1.mlpsca01.us.to.v erio.net >> OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping >> that Sendmail had been updated to allow this... 1 or 2 /24's are no >> problem, but when you want to block multiple /8's it does become >> quite daunting. Guess I'll have to find a better way to do this >> than the built-in Sendmail stuff. > > You should be able to do /8 by just specifying the first octet, or > /16 with x.y as the key. What you can't do is anything not on an > octet boundary. One can certainly use the ${SOURCE}/contrib/cidrexpand Perl script to make such an operation easier, e.g.: echo " Connect:205.199.0.0/21 REJECT Connect:213.0.0.0/14 REJECT " \| ./cidrexpand # \| makemap hash /etc/mail/access

29/09/2006, 21h47	#6 (permalink)
Alex Moen Messages: n/a Hébergeur:	Re: /etc/mail/access IP entries "ynotssor" <ynotssor@example.net> wrote in message news:4o382eFck4kvU1@individual.net... > "Lone Locust of the Apocalypse" <zorak@ninthbit.com> wrote in message > news:v2ZSg.5444$lq.1180@newsread1.mlpsca01.us.to.v erio.net > >>> OK, that's what I thought... I saw the FAQ on CIDR, but I was hoping >>> that Sendmail had been updated to allow this... 1 or 2 /24's are no >>> problem, but when you want to block multiple /8's it does become >>> quite daunting. Guess I'll have to find a better way to do this >>> than the built-in Sendmail stuff. >> >> You should be able to do /8 by just specifying the first octet, or >> /16 with x.y as the key. What you can't do is anything not on an >> octet boundary. > > One can certainly use the ${SOURCE}/contrib/cidrexpand Perl script to make > such an operation easier, e.g.: > > echo " > Connect:205.199.0.0/21 REJECT > Connect:213.0.0.0/14 REJECT > " \| ./cidrexpand # \| makemap hash /etc/mail/access > OK, that's workable... Thanks for the ! Alex

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email