SUMMARY: Host access list for connection via IP port 25 (SMTP)

From: Dr. D.G.Checketts (
Date: Tue Nov 25 1997 - 02:56:55 CST

The original posting :-


I am running Sun's standard sendmail offering (8.6) on a Solaris 2.4 server.
In order to properly manage the usage of email, a need has arisen to limit
the machines which may forward mail via this server. This would include a list
of local Sun machines, a remote mail gateway (still on Campus) and NOTHING ELSE.

Does anyone know how this can be achieved? I am aware of tcp_wrappers but am not
sure how that could be used in conjunction with sendmail. I have also seen the
sites which talk about methods to cut down spam mail. The objective in those
cases seems to be to give a list of disallowed machines. I need to do the
opposite, i.e. give a list of allowed machines.

All help gratefully received and a summary will be posted.


The response was fast as always (no. 1 arrived before I even received
notification of my own posting) and really useful. The problem is now solved.

I used Randy Zagar's suggestion and just integrated sendmail into tcp_wrappers.
I thought that it was necessary to use some other interface between these
two items but Randy's "two-line solution" did the job for us. I realise
that this will not return any warning to invalid senders but that is
fine by us as all mail should be routed through the proper DNS registered
hosts anyway.

> From Tue Nov 18 16:41:46 1997
> To:
> Subject: Re: Host access list for connection via IP port 25 (SMTP)
> I have successfully used tcp_wrappers to restrict access to sendmail
> in the following way:
>
> 1. Change sendmail startup script in /etc/init.d from
>
>        /usr/lib/sendmail -bd -q1h
>
>    to
>
>        /usr/lib/sendmail -q1h
>
>    This sendmail process will now only handle delivering outgoing mail.
>
> 2. Create an 'smtp' entry in /etc/inetd.conf that looks like
>
>        smtp stream tcp nowait root /usr/local/sbin/in.tcpd \
>                /usr/lib/sendmail -bs
>
>    Any incoming SMTP connection requests will now be handled through inetd
>    and can be filtered with appropriate entries in the hosts.allow file.
>
> I believe this was described in the tcp_wrapper documentation...
> Also, sendmail-8.8.x has tcp_wrapper support built into it...
>
> -Randy
> ===
> Randy Zagar E-Mail:
> Sr. Scientific Programmer E-Mail:
> College of Marine Studies Voice: (302) 831-1139
> University of Delaware FAX: (302) 831-6838
> Newark, DE 19716

I did receive some advice from Claus Assmann to modify the
file after upgrading to version 8.8.

> From Tue Nov 18 16:34:23 1997
> To:
> Subject: Re: Host access list for connection via IP port 25 (SMTP)
> Scheck_relay
> # everything in class w is ok.
> R$*.$=w $| $+		$@ ok
> # everything else is forbidden
> R$* $| $*		$#error $@ 5.7.1 $: no access from $1
>
> You may need something more than class w!
> Best regards,
> Claus Assmann

Everyone else suggested upgrading to sendmail 8.8 and using the anti-spam
features of that release. I decided not to do that for now as we would lose
Sun OS support. Hopefully they will be bringing out an improved version
themselves before too long.

Many Thanks to :-

Reto Lichtensteiger
Rick Kulawiec
Micky Panayiotakis
Shriman Gurung
Karl Vogel

+ those in the main text of course. Sun Managers comes out top again.



Dr. David Checketts | E-Mail
Computer Officer |
School of Elec. & Elec. Eng., |
University of Birmingham | Telephone: 0121 414 4322
Birmingham, B15 2TT, | Fax: 0121 414 4291
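
How an allow-list for the inetd-launched sendmail described above gets evaluated, as an added example (not from the original posting or from tcp_wrappers itself): a simplified Python model of the hosts.allow then hosts.deny lookup order. The host names, addresses and policy lines are constructed placeholders, and the daemon name `sendmail` assumes tcpd matches on the basename of the program it launches.

```python
import re

# Simplified model of the hosts_access(5) lookup used by tcpd. It handles only
# ALL, exact names/addresses, ".domain" suffixes and "net." prefixes.
# Constructed sample policy: host names and addresses are placeholders.
HOSTS_ALLOW = """
# local Sun machines plus the campus mail gateway
sendmail: .eee.example.ac.uk, 192.0.2.25
"""
HOSTS_DENY = """
sendmail: ALL
"""

def parse(text):
    """Return [(daemon_list, client_list)] for each non-comment line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2:  # a third field (shell command) is ignored
            rules.append(tuple(
                [t.lower() for t in re.split(r"[,\s]+", f.strip()) if t]
                for f in fields[:2]))
    return rules

def pattern_matches(pat, name, addr):
    if pat == "all":
        return True
    if pat.startswith("."):      # domain suffix, matched against the host name
        return name.endswith(pat)
    if pat.endswith("."):        # network prefix, matched against the address
        return addr.startswith(pat)
    return pat in (name, addr)

def matches(rules, daemon, name, addr):
    return any(
        any(d in ("all", daemon) for d in daemons)
        and any(pattern_matches(p, name, addr) for p in clients)
        for daemons, clients in rules)

def access(daemon, name, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    daemon, name = daemon.lower(), name.lower()
    if matches(parse(allow_text), daemon, name, addr):
        return "allow"
    if matches(parse(deny_text), daemon, name, addr):
        return "deny"
    return "allow"  # this default is why the hosts.deny entry is required
```

Calling `access("sendmail", "relay.example.net", "198.51.100.7", deny_text="")` shows the failure mode: with no hosts.deny entry the allow-list restricts nothing.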
