*BSD News Article 73942



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!usenet.eel.ufl.edu!news-res.gsl.net!news.gsl.net!news.mathworks.com!newsfeed.internetmci.com!info.ucla.edu!unixg.ubc.ca!aurora.cs.athabascau.ca!mag-net.com!canada!canada!not-for-mail
From: lyndon@orthanc.com (Lyndon Nerenberg)
Newsgroups: comp.unix.bsd.misc
Subject: Re: Tcp Wrappers
Date: 16 Jul 1996 13:59:23 -0700
Organization: Orthanc Systems
Lines: 27
Message-ID: <4sgvrb$8of@multivac.orthanc.com>
References: <31E63862.36A2@soonet.ca> <4s5u64$m4d@dira.rv.tis.com>
NNTP-Posting-Host: multivac.orthanc.com

mark@dira.rv.tis.com (Mark Sienkiewicz) writes:

>If you want to protect other services, you also have to install a
>tcp wrapper for them.  For example, you could refuse mail from
>a particular site by installing a tcp wrapper on port 25 and
>having it run sendmail (with the appropriate flags to make it
>handle an SMTP transaction on its standard input).

Not if you have MX records pointing to more than one host ...

If you refuse the incoming SMTP connect, the sender falls back to
your backup MX host(s). The backup then cheerfully delivers the
message to you.

And no combination of packet filters, wrappers, proxies, or whatever
is going to prevent people from "source routing" (at the RFC822
header level) around a blocked machine or network.

--lyndon



-- 
Orthanc Systems -- Internet and UNIX consulting -- Prince George, B.C
_____________________________________________________________________
     lyndon@orthanc.com || canada!lyndon || Fax: +1 604 561 2067
                      http://www.orthanc.com/
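
The MX fallback described in the reply above, modelled as an added example (not part of the original post): it walks the MX list in preference order and reports which MX hosts lack the deny rule. All hostnames, the DENY table, and the function names are constructed for illustration.

```python
# Constructed sample data: all hostnames below are made up for illustration.
MX_RECORDS = [(10, "mail.example.org"),      # primary, the final destination
              (20, "backup1.example.net"),
              (30, "backup2.example.net")]

# Per-host wrapper policy: client-name suffixes refused on port 25.
DENY = {
    "mail.example.org":    {".blocked.example"},
    "backup1.example.net": set(),            # the rule was never copied here
    "backup2.example.net": {".blocked.example"},
}

def refuses(deny, host, peer):
    """True if host's wrapper rules refuse an SMTP connection from peer."""
    return any(peer.endswith(suffix) for suffix in deny.get(host, ()))

def delivery_path(deny, mx_records, sender, final_host):
    """Hops a message takes to final_host, or None if it is refused everywhere."""
    for _pref, host in sorted(mx_records):   # sender tries lowest preference first
        if refuses(deny, host, sender):
            continue                         # refused: fall back to the next MX
        if host == final_host:
            return [sender, host]
        # A backup accepted the message and relays it; the final host now
        # sees the backup, not the original sender, as the connecting peer.
        if not refuses(deny, final_host, host):
            return [sender, host, final_host]
    return None

def unfiltered_mx(deny, mx_records, sender):
    """MX hosts that still accept the sender, i.e. where the rule is missing."""
    return [h for _pref, h in sorted(mx_records) if not refuses(deny, h, sender)]

if __name__ == "__main__":
    sender = "relay.blocked.example"
    print(delivery_path(DENY, MX_RECORDS, sender, "mail.example.org"))
    print(unfiltered_mx(DENY, MX_RECORDS, sender))
```

The block only has an effect once every host in the MX list carries the same rule; unfiltered_mx() lists the ones that do not.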