File: hosts.allow.sample

package info (click to toggle)
smtp-refuser 1.0.5.0.1
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 84 kB
  • ctags: 18
  • sloc: ansic: 209; sh: 70; makefile: 43
file content (118 lines) | stat: -rw-r--r-- 4,686 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
### DO NOT USE THIS FILE, but read it and learn how to
### create one that you can use:

# This is an *example* set of rules for /etc/hosts.allow --
# the IP addresses in this file are of historical value only; 
# DO NOT USE THEM without careful review, because many of these 
# IP addresses are now being used by other (presumably worthy) 
# organizations, from whom you will not want to refuse mail.

# If you don't want to carefully edit and maintain a file
# like this manually, I strongly urge you to configure your
# mail transfer agent to use one (or more) of the internet-based
# "black hole lists" (RBL, ORBS, etc.) instead.

# If you do want to do it manually, and customize responses
# for different groups of violators, smtp-refuser is for you.

# Please consult the hosts_access(5) man page for details
# on how these (tcpd /etc/hosts.allow) rules are formatted.

# By "allowing" a connection to smtp-refuser (in the hosts.allow
# file), you cause smtp-refuser to refuse that connection and
# return a meaningful response to the connecting system.  The
# parameters passed to smtp-refuser specify which template file
# and substitution-values to use.  See smtp-refuser(8) for details.

# By not "allowing" a conneciton to smtp-refuser, i.e. for all 
# smtp connections that don't match the rules in hosts.allow,
# you cause tcpd to pass the connection to your real smtp
# agent.

# -- David Coe <davidc@debian.org>, 04 November, 1999

#-- smtp-refuser begin

# Verisim runs awry of PARANOID? Can't they fix their DNS? - Bruce
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	207.134.10.201
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	gatekeeper.verisim.com

#
# Bounce  mail from hosts with names that don't match their own IP addresses.
# This is either a forgery or a DNS problem.
tcp-env:	PARANOID: twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/paranoid %h %a

# The following net blocks are denied e-mail access because they belong to
# sites that have not yet established an effective anti-spam policy.

# Alternate Access Inc. Host of SSC, gets connectivity from AGIS but
# SSC is OK.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	204.157.220.0/255.255.255.0 : allow

# AGIS provides net connectivity to most of the well-known spammers.
# They get their own special reject message.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	205.254.160.0/255.255.224.0 \
	206.82.252.0/255.255.255.0 \
	207.142.0.0/255.255.0.0 \
	207.15.68.0/255.255.252.0 \
	208.18.18.0/255.255.255.0 \
	208.18.4.0/255.255.252.0 \
	209.14.0.0/255.255.0.0 \
	204.68.252.0/255.255.255.0 \
	204.137.128.0/255.255.128.0 \
	205.164.0.0/255.255.0.0 \
	206.62.0.0/255.255.0.0 \
	205.198.0.0/255.254.0.0 \
	206.42.0.0/255.254.0.0 \
	206.148.0.0/255.254.0.0 \
	206.185.0.0/255.255.0.0 \
	206.248.0.0/255.252.0.0 \
	206.84.0.0/255.254.0.0 \
	204.157.0.0/255.255.0.0: \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/agis %h %a

# The following sites are not necessarily rogue IPs, but they have
# not been able to stop spammers from using their systems.

# "www.kia.co.kr", advertising for Samsung.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	203.248.232.0/255.255.255.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# "Expertise Plus", "aaaa.net".
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	207.41.8.0/255.255.255.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# "Ft. Lauderdale Network", a Cable and Wireless Customer.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	209.25.80.0/255.255.252.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# "Phoenixnet.net".
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	156.46.50.0/255.255.255.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# "ATT Plus Services (Worldnet)"
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	204.127.0.0/255.255.0.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# "Autobahn Access"
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	204.112.189.2/255.255.255.0 : \
	twist /usr/sbin/smtp-refuser /usr/lib/smtp-refuser/site-rejected %h %a

# Here's a catch-all that replaces Qmail's "tcp-env" program.
tcp-env qmail-smtpd in.smtpd in-smtpd smtpd sendmail smail exim: \
	ALL: \
	rfc931 30: setenv PROTO TCP: setenv TCPLOCALHOST %H: \
	setenv TCPLOCALIP %A: setenv TCPREMOTEHOST %h: \
	setenv TCPREMOTEIP %a: setenv TCPREMOTEINFO %c: allow

#-- smtp-refuser end