Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!usenet.eel.ufl.edu!news-res.gsl.net!news.gsl.net!news.mathworks.com!newsfeed.internetmci.com!info.ucla.edu!unixg.ubc.ca!aurora.cs.athabascau.ca!mag-net.com!canada!canada!not-for-mail From: lyndon@orthanc.com (Lyndon Nerenberg) Newsgroups: comp.unix.bsd.misc Subject: Re: Tcp Wrappers Date: 16 Jul 1996 13:59:23 -0700 Organization: Orthanc Systems Lines: 27 Message-ID: <4sgvrb$8of@multivac.orthanc.com> References: <31E63862.36A2@soonet.ca> <4s5u64$m4d@dira.rv.tis.com> NNTP-Posting-Host: multivac.orthanc.com mark@dira.rv.tis.com (Mark Sienkiewicz) writes: >If you want to protect other services, you also have to install a >tcp wrapper for them. For example, you could refuse mail from >a particular site by installing a tcp wrapper on port 25 and >having it run sendmail (with the appropriate flags to make it >handle a SMTP transaction on it's standard input). Not if you have MX records pointing to more than one host ... If you refuse the incoming SMTP connect, the sender falls back to your backup MX host(s). The backup then cheerfully delivers the message to you. And no combination of packet filters, wrappers, proxies, or whatever is going to prevent people from "source routing" (at the RFC822 header level) around a blocked machine or network. --lyndon -- Orthanc Systems -- Internet and UNIX consulting -- Prince George, B.C _____________________________________________________________________ lyndon@orthanc.com || canada!lyndon || Fax: +1 604 561 2067 http://www.orthanc.com/