Re: Solaris 8 - Configuring sendmail relay (NoAuth inbound -> SSL outbound)
- From: per@xxxxxxxxxxxx (Per Hedeland)
- Date: Mon, 26 May 2008 06:09:45 +0000 (UTC)
In article <0cp_j.2025$jI5.1571@xxxxxxxxxxxxxxxxxxxx> Dave Anderson
<r-n-d@xxxxxxxxxxx> writes:
>Per Hedeland wrote:
>>Your MTA is rejecting messages from your MSP, not a good idea...
>>What's in your access db?
>
>As follows... I don't think I was able to find what I was looking for by
>searching for "access" in the official PDF doc or sendmail.org's "tips"
>page so I dredged this up from the internet.
>
># When actually sending from localhost it uses the IP. Spammers will
># take advantage of 'localhost' though
>localhost REJECT

So this line is the problem. I'm not sure what you're trying to achieve
here (maybe you aren't either) - it doesn't matter what the client
"uses" to make the connection, in fact a server can't possibly know
that, and sendmail will look for matching entries both for the IP
address (which it always knows) and for the result of reverse-lookup
(PTR) of that IP address - but the latter is only done if also the
forward-lookup (A/AAAA) of the PTR result is successful *and* includes
the original IP address in *its* result.
So, as far as connect-time checking of the client host (i.e. entries
that would be best tagged with "Connect:") is concerned, a 'localhost'
entry will only match for clients that have an IP address included in
the result of a lookup of 'localhost' on your host - hopefully the only
address returned by that is 127.0.0.1 (possibly the IPv6 ::1 equivalent
too), otherwise you need to fix *that*. And all this entry does is then
to block connections from the local host, just as if you had a REJECT
entry for 127.0.0.1.
Take it out.

>127.0.0.1 RELAY

You can take that one out too, since anything in class $={w} (which
includes both 127.0.0.1 and the name it reverse-resolves to) is allowed
to relay by default.

>* RELAY

Thankfully asterisks don't match anything at all in access db, otherwise
this line might get you in big trouble. Take it out.

># We also are going by IP Addresses
>192.168.69.* RELAY

You want
Connect:192.168.69 RELAY
for this. Assuming that you're actually using 192.168.69.xx addresses on
your local network, that is.
A general comment: The default sendmail setup is quite secure - it
doesn't really make sense to put *anything* in access db until you have
basic mail functionality working. Once you have that, you generally need
to loosen things up a bit (like in the last entry above) to get
everything you need working. *Then* you can perhaps start putting in
restrictions to deal with spam, carefully checking what you break at
each point.
--Per Hedeland
per@xxxxxxxxxxxx
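
A simplified Python model of the connect-time access db lookup described in the reply above, added here as an illustration; it is not part of the original post and not sendmail's own code. It shows why the quoted `localhost REJECT` entry hits the local MSP, why the `*` entries match nothing, and why `Connect:192.168.69` does match. Function names are hypothetical, only IPv4 is handled, and trying name keys before address keys is an assumption of the model.

```python
"""Simplified model of sendmail's connect-time access db lookup (added example)."""

def parse_access(text):
    """Parse access db source lines into {lowercased key: action}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip()
    return table

def candidates(client_ip, verified_name=None):
    """Keys tried for a client, most specific first.

    verified_name is the PTR result, passed only when its forward lookup
    returned client_ip again; otherwise the name is never consulted.
    """
    keys = []
    if verified_name:
        labels = verified_name.lower().rstrip(".").split(".")
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    octets = client_ip.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys

def connect_action(table, client_ip, verified_name=None):
    """Return (matching key, action) or (None, None); keys are literal, no globbing."""
    for key in candidates(client_ip, verified_name):
        for probe in ("connect:" + key, key):  # tagged entry first, then untagged
            if probe in table:
                return probe, table[probe]
    return None, None

# Constructed sample data: the access db quoted in the post, and the corrected one.
ORIGINAL = """
localhost       REJECT
127.0.0.1       RELAY
*               RELAY
192.168.69.*    RELAY
"""
CORRECTED = "Connect:192.168.69   RELAY\n"

if __name__ == "__main__":
    for label, src in (("original", ORIGINAL), ("corrected", CORRECTED)):
        table = parse_access(src)
        for ip, name in (("127.0.0.1", "localhost"), ("192.168.69.20", None), ("203.0.113.9", None)):
            print(label, ip, connect_action(table, ip, name))
```

With the corrected table the model returns no entry for 127.0.0.1; relaying for the local host then rests on the class $={w} default mentioned in the reply, which the model does not cover.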