I have not read on the access_db feature in some time, but I do know that tcpwrappers will only protect connections coming in on ports you specify, and only when the initial connection is made (for persistent connections). Programs running on your box will be able to connect to whom ever they please, unaffected by tcpwrappers.

>>> mjn at umn.edu 02/27/01 09:55AM >>>
My understanding of the access_db feature is it is for selective denial of
SMTP relaying and not necessarily for denying access to SMTP (delivery)
for all but a select one or two...perhaps i am wrong in that perception.

Since I am not really relaying any mail, nor do I plan on it, I don't
think this is quite the fix i am looking for (again, I may be totally
wrong in my understanding of access_db).  While it is a nice feature for
blocking unsolicited spammers, it does not perform quite the way I'd like.

I'd like to deny SMTP connects from all but the mail gateway.  They way
we have things set up is something like this:

- Novell Groupwise 5.5 with internet aliases for all of our majordomo
  lists and majordomo it self.  

- The majordomo box is set up with masquerade_as and an MX entry
  of the Groupwise box

So all mail to majordomo should come from that one host.  My thinking is
that limiting SMTP access with ipchains or wrappers would provide another
level of assurance and eliminate any chance that box gets used for ill.

I have access_db enabled in my current sendmail.cf and, given the
allowable sytax for entries, there is no (simple?) way to accomplish this.

If I were to enable wrapper support, would that limit my delivery
capability as well or will sendmail be free to connect to whomever it
chooses and only limit who connects to it?

Hope that makes sense...thanks again

____________________________
Mike Neuharth
ADCS Technology Specialist
http://www.umn.edu/adcs 

E-Mail          : mjn at umn.edu 
Page Mail       : 6126486512 at page.metrocall.com 
http://supermonkeycollider.dyndns.org/ 
____________________________


_______________________________________________
tclug-list mailing list
tclug-list at mn-linux.org 
https://mailman.mn-linux.org/mailman/listinfo/tclug-list