SUMMARY: Deny SMTP connections from a certain IP/Domain

From: Tony Ching-Tung Wu (
Date: Thu Aug 22 1996 - 10:22:24 CDT

Thanks to the following people for reply.

Reto Lichtensteiger <>
Jochen Bern <>
Claus Assmann <>
John Hall <>
Reinhard Bertram <>
Dave Roberts <>

The answer is TCP WRAPPER, Claus Assmann has the very detailed answer.
Thank you again !!

> I am wondering if it's possible to deny SMTP connections from a certain IP
> or Domain. We would like to prevent some local machines from sending
> emails through our mail server. We run ucb sendmail 8.7 series here. Is it
> possible to do that ?

Somthing like this?

4) How do I refuse e-mail from unwanted domains (users)?

If you have sendmail 8, you can do the following to refuse mails from
unwanted hosts/domains:

Put into ruleset 98 something like: (this is LOCAL_RULE_0 in your .mc file)
R$* < @$*$=K . > $* $#error $@ 5.7.1 $: "This domain is banned."
R$* < @$*$=K > $* $#error $@ 5.7.1 $: "This domain is banned."
And define a class K by:
FK /etc/
In this file, you should put the names of the banned domains, e.g.,

If you want to specify the user(s) too, you have to replace the first
$* with the name or a match for a class.

Another possibility is to use tcp_wrappers. There is a patch
(avalailble at
/pub/sources/security/ for
sendmail 8.7.5, which incorporates the functionality directly into
sendmail. Using this approach, you can define the access to your
sendmail daemon based on the rules available for tcp_wrappers.

If you have any corrections/additions/suggestions, please let me know.
These questions and answers are also available on
which contains some more hints about sendmail.

Hope this help,

Claus Assmann

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:08 CDT