I have not read on the access_db feature in some time, but I do know that tcpwrappers will only protect connections coming in on ports you specify, and only when the initial connection is made (for persistent connections). Programs running on your box will be able to connect to whom ever they please, unaffected by tcpwrappers. >>> mjn at umn.edu 02/27/01 09:55AM >>> My understanding of the access_db feature is it is for selective denial of SMTP relaying and not necessarily for denying access to SMTP (delivery) for all but a select one or two...perhaps i am wrong in that perception. Since I am not really relaying any mail, nor do I plan on it, I don't think this is quite the fix i am looking for (again, I may be totally wrong in my understanding of access_db). While it is a nice feature for blocking unsolicited spammers, it does not perform quite the way I'd like. I'd like to deny SMTP connects from all but the mail gateway. They way we have things set up is something like this: - Novell Groupwise 5.5 with internet aliases for all of our majordomo lists and majordomo it self. - The majordomo box is set up with masquerade_as and an MX entry of the Groupwise box So all mail to majordomo should come from that one host. My thinking is that limiting SMTP access with ipchains or wrappers would provide another level of assurance and eliminate any chance that box gets used for ill. I have access_db enabled in my current sendmail.cf and, given the allowable sytax for entries, there is no (simple?) way to accomplish this. If I were to enable wrapper support, would that limit my delivery capability as well or will sendmail be free to connect to whomever it chooses and only limit who connects to it? Hope that makes sense...thanks again ____________________________ Mike Neuharth ADCS Technology Specialist http://www.umn.edu/adcs E-Mail : mjn at umn.edu Page Mail : 6126486512 at page.metrocall.com http://supermonkeycollider.dyndns.org/ ____________________________ _______________________________________________ tclug-list mailing list tclug-list at mn-linux.org https://mailman.mn-linux.org/mailman/listinfo/tclug-list