sendmail/saslauthd Domain Blocking
Per Hedeland
per at hedeland.org
Mon Oct 7 16:56:59 UTC 2019
On 2019-10-07 16:48, Tim Daneliuk wrote:
> I block unwanted domains from sending mail to one of our servers by
> putting it on the reject list in /etc/mail/access.
>
> I am seeing distributed brute force attempts to use that same
> server as a relay. These are coming from a few domains.
> So far, these attempts have failed but I'd like to be proactive in
> preventing future such intrusions.
>
> Is there an equivalent way to block entire domains and/or subdomains
> from ever even connecting to saslauthd?
I'm not sure exactly what you're asking, since you seem to already
have the answer... At least in the context of sendmail (and I believe
it is the same in other contexts), no external entities connect
directly to saslauthd, only sendmail does that. So you need to reject
connections from those domains to sendmail - which you can do with
e.g. access_db a.k.a. /etc/mail/access. E.g. an entry

Connect:example.com REJECT

will reject connections from hosts that have an IP address that
reverse-resolves to anything in the example.com domain. See
/usr/share/sendmail/cf/README for the details.
Of course using a firewall of your choice (ipf/pf/ipfw) may be an
alternative, to block the connections before they even reach sendmail
- they can't work with "domains", but IP address ranges may be equally
useful.
--Per Hedeland
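
Added example, not part of the original message: a sketch of how the failed-AUTH relays in a sendmail log could be turned into candidate `Connect:` entries for /etc/mail/access, as the reply above suggests. The log lines are constructed samples, their exact format is an assumption, and the helper names, the threshold and the "last two labels" domain rule are hypothetical simplifications.

```python
import re
from collections import Counter

# Constructed sample lines in the style of sendmail AUTH-failure entries
# (hosts use the reserved .example TLD, IPs are documentation ranges).
SAMPLE_LOG = """\
Oct  7 16:01:02 mx sm-mta[4101]: x97G12ab004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=dsl-1.badisp.example [203.0.113.10]
Oct  7 16:01:09 mx sm-mta[4102]: x97G19cd004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=dsl-2.badisp.example [203.0.113.11]
Oct  7 16:01:15 mx sm-mta[4103]: x97G1Fef004103: AUTH failure (PLAIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=DSL-1.badisp.example [203.0.113.10]
Oct  7 16:02:00 mx sm-mta[4104]: x97G20gh004104: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.7]
Oct  7 16:02:05 mx sm-mta[4105]: x97G25ij004105: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.7]
Oct  7 16:03:00 mx sm-mta[4106]: x97G30kl004106: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=mail.partner.example [192.0.2.25]
Oct  7 16:04:00 mx sm-mta[4107]: x97G40mn004107: from=<a@partner.example>, size=1200, nrcpts=1, relay=mail.partner.example [192.0.2.25]
"""

# Matches "relay=host [ip]" and "relay=[ip]" (no reverse DNS) on AUTH failures.
# IPv4 only; lines with other relay forms are skipped.
RELAY = re.compile(
    r"AUTH failure .*relay=(?:(?P<host>[\w.-]+) )?\[(?P<ip>[\d.]+)\]")


def registered_domain(host):
    """Simplification (assumption): treat the last two labels as the domain.
    This is wrong for suffixes such as co.uk; adjust for such domains."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def reject_entries(log_text, threshold=3):
    """Return access_db lines for domains (or bare IPs when the relay had no
    reverse-resolved name) with at least `threshold` AUTH failures."""
    failures = Counter()
    for line in log_text.splitlines():
        m = RELAY.search(line)
        if not m:
            continue  # not an AUTH failure with a parsable relay
        host = m.group("host")
        key = registered_domain(host) if host else m.group("ip")
        failures[key] += 1
    return [f"Connect:{key}\tREJECT"
            for key, count in sorted(failures.items()) if count >= threshold]


if __name__ == "__main__":
    for entry in reject_entries(SAMPLE_LOG, threshold=2):
        print(entry)
```

Review the output before appending it to /etc/mail/access, since a `Connect:` entry for a domain rejects every host that reverse-resolves into it; the access map must be rebuilt afterwards for the entries to take effect.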