Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

trying to block connections from DSL/cable hosts

4 views
Skip to first unread message

Bill None

unread,
Nov 27, 2005, 3:16:58 PM11/27/05
to
1. Is there a better way to block connections from various Comcast
hosts than to add 50+ lines (e.g., one per US state) to the access
file:

connect:al.comcast.net REJECT
connect:ak.comcast.net REJECT
connect:as.comcast.net REJECT
...
connect:wy.comcast.net REJECT

2. Is there a way to use the access file to block connections from
various Verizon hosts, all of which have a name that includes "pool" at
the beginning and "verizon.net" at the end, but could have some
arbitrary combination of characters in between? If not, is there some
other way to do this with Sendmail? (Currently running 8.13.4.)

Thanks,

Bill N.

Neil W Rickert

unread,
Nov 27, 2005, 6:44:19 PM11/27/05
to
"Bill None" <billno...@umpire.com> writes:

>1. Is there a better way to block connections from various Comcast
>hosts than to add 50+ lines (e.g., one per US state) to the access
>file:

>connect:al.comcast.net REJECT
>connect:ak.comcast.net REJECT
>connect:as.comcast.net REJECT
>...
>connect:wy.comcast.net REJECT

That's how I do it. I have 40 entries. There are a couple of city
entries (instead of state). And there is a "client.comcast.net".

>2. Is there a way to use the access file to block connections from
>various Verizon hosts, all of which have a name that includes "pool" at
>the beginning and "verizon.net" at the end, but could have some
>arbitrary combination of characters in between? If not, is there some
>other way to do this with Sendmail? (Currently running 8.13.4.)

I'm currently using

connect:dsl-verizon.net REJECT
connect:dsl-w.verizon.net REJECT
connect:east.verizon.net REJECT
connect:fios.verizon.net REJECT

Message has been deleted

Ben Jackson

unread,
Nov 27, 2005, 8:57:12 PM11/27/05
to
On 2005-11-27, Bill None <billno...@umpire.com> wrote:
> 1. Is there a better way to block connections from various Comcast
> hosts than to add 50+ lines (e.g., one per US state) to the access
> file:

I've got Comcast, and since their last big renumbering I have no DNS
at all. I'm not sure if that's just a mistake or if they're trying
to get outbound mail direct from their dynamic IPs to be rejected by
mailers that require reverse DNS. There's not even a PTR record for
the default router I'm assigned.

Anyway, long story short, reject clients with no reverse DNS, too.

--
Ben Jackson
<b...@ben.com>
http://www.ben.com/

0 new messages