Solved

Host.Allow, Host.Deny

Posted on 2007-11-21
6
2,133 Views
Last Modified: 2013-12-17
I want to refuse a whole set of IP from all services except sending email to us.
eg. IP 89.
In the host.allow file :
sendmail: 89.

In the host.deny file:
ALL: 89.

Is this correct ?

0
Comment
Question by:ChanYiuPong
6 Comments
 
LVL 10

Expert Comment

by:ssvl
ID: 20332903
Yes you are right


order is this:

1. Allow the connection if it matches a line in hosts.allow. End.

2. Deny the connection if it maches a ling in hosts.deny. End.

3. Allow the connection.

Since the default is to allow any connection that doesn't match,
0
 

Author Comment

by:ChanYiuPong
ID: 20333429
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny ?
0
 

Author Comment

by:ChanYiuPong
ID: 20333441
And I should use "sendmail" and not "email" or something like that ?
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 3

Expert Comment

by:amirs80
ID: 20333541
--------/etc/hosts.allow--------
ALL : attack_ip : DENY
sendmail : attack_ip : DENY
smtp : attack_ip : DENY

please check this
0
 
LVL 3

Expert Comment

by:mediaonegraphics
ID: 20338630
I agree with ssvl. The allow is parsed before deny. Also just put a sendmail allow and not smtp as it is handled by the sendmail daemon.
0
 
LVL 10

Accepted Solution

by:
ssvl earned 500 total points
ID: 20345982
But will the ALL override the sendmail. Do you mean that when it saw sendmail in host.allow with the IP, then it will not check host.deny

Yes(it check and reject the 2nd occurrence.)



And I should use "sendmail" and not "email" or something like that ?

You should use a service name

FYR
http://www.softpanorama.org/Net/xinetd_and_tcp_wrappers.shtml
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

MS outlook is a premier email client that enable you to send and receive the e-mails with various file formats of attachments such as document files, media file, and many others formats. There is some scenario occurs when a receiver of an e-mail mes…
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now