[Linux-Anyway] Re: Damn it! Open relay -- again
- From: Skylinux <skylinux@xxxxxxxxxxxxx>
- To: Linux-Anyway@xxxxxxxxxxxxx
- Date: Mon, 24 Mar 2003 00:11:59 -0500
Meph Istopheles wrote:
> 1. As I don't remember the commands one enters from another
> client to attempt to relay through a server, can someone provide
> me with those?
> 2. I'm looking at a sendmail config to not only illiminate
> relaying except for specific clients, but also to simplify
> sendmail's config. Does anyone have enough sendmail knowledge to
> verify the info here:
> Meph
/var/log/maillog.4
Mar 1 01:39:53 network-technologies sm-mta[11234]: h216dpJM011234:
ruleset=check_rcpt, arg1=<sdgyjsgjhs@xxxxxxxxxxxxxx>, rela
y=axis.software.powerinternetcr.com [216.25.173.133] (may be forged),
reject=550 5.7.1 <sdgyjsgjhs@xxxxxxxxxxxxxx>... Relaying
denied. IP name possibly forged [216.25.173.133]
And here is how I did it:
in /etc/mail/access
list the IPs/domains who are allowed to relay:
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.X.X RELAY
here is the full info from the access file, search google on how to
update the file so that sendmail accepts your new access rules.
# Description showing bellow for the format of this file comes from
# the Sendmail source distribution under "cf/README" file.
#
# The table itself uses e-mail addresses, domain names, and network
# numbers as keys. For example,
#
# spammer@xxxxxxx REJECT
# cyberspammer.com REJECT
# 192.168.212 REJECT
#
# would refuse mail from spammer@xxxxxxx, any user from cyberspammer.com
# (or any host within the cyberspammer.com domain), and any host on the
# 192.168.212.* network.
#
# The value part of the map can contain:
#
# OKAccept mail even if other rules in the
# running ruleset would reject it, for example,
# if the domain name is unresolvable.
# RELAY Accept mail addressed to the indicated domain or
# received from the indicated domain for relaying
# through your SMTP server. RELAY also serves as
# an implicit OK for the other checks.
# REJECT Reject the sender or recipient with a general
# purpose message.
# DISCARD Discard the message completely using the
# $#discard mailer. This only works for sender
# addresses (i.e., it indicates that you should
# discard anything received from the indicated
# domain).
# ### any text where ### is an RFC 821 compliant error code
# and "any text" is a message to return for
# the command.
#
# For example:
#
# cyberspammer.com 550 We don't accept mail from spammers
# okay.cyberspammer.com OK
# sendmail.org OK
# 128.32 RELAY
#
# would accept mail from okay.cyberspammer.com, but would reject mail
# from all other hosts at cyberspammer.com with the indicated message.
# It would allow accept mail from any hosts in the sendmail.org domain,
# and allow relaying for the 128.32.*.* network.
#
# You can also use the access database to block sender addresses based on
# the username portion of the address. For example:
#
# FREE.STEALTH.MAILER@ 550 Spam not accepted
#
# Note that you must include the @ after the username to signify that
# this database entry is for checking only the username portion of the
# sender address.
#
# If you use like we do in our "sendmail.mc macro configuration:
#
# FEATURE(`blacklist_recipients')
#
# then you can add entries to the map for local users, hosts in your
# domains, or addresses in your domain which should not receive mail:
#
# badlocaluser 550 Mailbox disabled for this username
# host.mydomain.com 550 That host does not accept mail
# user@xxxxxxxxxxxxxxxxxxxxxx 550 Mailbox disabled for this
recipient
#
# This would prevent a recipient of badlocaluser@xxxxxxxxxxxx, any
# user at host.mydomain.com, and the single address
# user@xxxxxxxxxxxxxxxxxxxxxx from receiving mail. Enabling this
# feature will keep you from sending mails to all addresses that
# have an error message or REJECT as value part in the access map.
# Taking the example from above:
#
# spammer@xxxxxxx REJECT
# cyberspammer.com REJECT
#
# Mail can't be sent to spammer@xxxxxxx or anyone at cyberspammer.com.
#
# Now our configuration of access file,
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.X.X RELAY
Hope this helps
Skylinux
To unsubcribe send e-mail with the word unsubscribe in the body to:
Linux-Anyway-Request@xxxxxxxxxxxxx?body=unsubscribe
Other related posts:
