Re: Beaten to Death: Open Relay
- From: base60 <nobody@xxxxxxxxxxxxxx>
- Date: Sun, 19 Mar 2006 02:52:22 GMT
StupidScript wrote:
> Sendmail 8.11.6 / RH 7.2
> (Boy do I wish I could update the OS and subsequently, Sendmail, but
> this is not an option.) That said, and after reading everything I can
> find without resorting to buying a book...

http://www.sendmail.org
You can update sendmail manually.
Should compile easily on a RH system.

> I'm having tremendous difficulty getting Sendmail set up to (a) close
> its open relay status AND (b) let people from my office send mail from
> the office.

I believe that version has relaying closed by default...

> According to "Allowing Controlled SMTP Relaying in Sendmail 8.9 and
> later" (http://www.sendmail.org/tips/relaying.html):
> "The simplest approach is to list the domains you are willing to relay
> in the file /etc/mail/relay-domains. Anything listed in this file will
> be accepted for relaying."

Yehp.

> Nice, but completely ineffective, for me. It doesn't matter what I put
> in or leave out of relay-domains, there is simply no impact on
> relaying, good or bad.

It's always useful to put in some log files, so people know what
you mean by the above.

> So I move to the access/access.db files:
> "The access database (normally in /etc/mail/access) allows a mail
> administrator to administratively allow access to the mail server by
> individual domains. Each database entry consists of a domain name or
> network number as the key and an action as the value."
> Everything I've read tells me to include my domain or IP address or IP
> block and set its action to either OK or RELAY and everything will be
> fine.

Yehp.

> Um ... nope. And HERE is where the trouble lies, I suspect. It doesn't
> matter which domain (example.com or mail.example.com) I include or
> which office IP address/block I include ... the ONLY thing that lets
> people in my office send mail through the server is to include the IP
> address of the server itself (not an internal one ... the public one)
> as RELAY or OK ... which causes the server to become an open relay!
> Arrgh!

Logs? Errors?

> I'm stuck with either a perpetually open relay or the people in my
> office can't send mail.
> Before we get on to SMTP Auth, STARTTLS and POP-before-SMTP (which are
> recommended but, as I understand it, not required), I need to ask:
> Is there something that enables relay-domains?
> I had thought it was enabled (and empty) by default.

In your sendmail.cf file....
FR-o /etc/mail/relay-domains

> Why is it that the only entry in access.db that makes any difference
> when relaying outbound mail from my office is the public IP address of
> the mail server?

Logs? Errors?

> I'll happily post a neutered version of my .mc file. At least, here is
> the line for access.db, in case I am using the wrong switches, or
> something:
> FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl

How did you populate your access.db?

> My brain is hurting, and nearly every bit of advice I've seen posted
> says "read the docs" ... which is where I started and return to
> repeatedly. But when the docs say "simply do this" and "this" doesn't
> work ... well ...

Ah, well, the docs are actually pretty good and it does work as
advertised... lot of options, so it's easy to get lost.

> I very much appreciate any help with this. I feel silly, but what can I
> say? Thank you in advance.
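
An added example, not part of either poster's message and not Sendmail's own code: a small Python audit of the access source text that models the octet-boundary lookup for IPv4 keys and reports whether the server's own public address is granted RELAY (the condition described in the thread) and whether office clients are. The addresses are constructed documentation values, the function names are hypothetical, and only untagged and `Connect:` IPv4 keys are modelled.

```python
import ipaddress

# Constructed sample of /etc/mail/access source text (documentation addresses).
SAMPLE_ACCESS = """\
# office LAN, written as an octet-boundary prefix
Connect:192.0.2        RELAY
# the mail server's own public address
203.0.113.10           RELAY
198.51.100             REJECT
example.com            OK
"""

def parse_access(text):
    """Return {ipv4_key: ACTION}; domain keys and non-Connect tags are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        tag, sep, rest = parts[0].partition(":")
        key = rest if sep and tag.lower() == "connect" else parts[0]
        octets = key.split(".")
        if len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets):
            table[key] = parts[1].strip().upper()
    return table

def lookup(table, client_ip):
    """Most specific key wins: a.b.c.d, then a.b.c, then a.b, then a."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    for n in range(4, 0, -1):
        key = ".".join(octets[:n])
        if key in table:
            return key, table[key]
    return None, None

def audit(text, server_ip, office_ips):
    """List findings: server address relayed, or office client not relayed."""
    table = parse_access(text)
    findings = []
    key, action = lookup(table, server_ip)
    if action == "RELAY":  # only RELAY grants relaying; OK alone does not
        findings.append(f"server address {server_ip} is granted RELAY by entry '{key}'")
    for ip in office_ips:
        key, action = lookup(table, ip)
        if action != "RELAY":
            findings.append(f"office client {ip} not granted RELAY (entry={key}, action={action})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCESS, "203.0.113.10", ["192.0.2.25", "192.0.2.200"]):
        print(finding)
```

The address to feed into `lookup` is the one sendmail records in the `relay=` field of the maillog line for the office client's message, which is what the "Logs?" questions in the reply are asking for.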