On Mon, August 18, 2008 2:04 am, -ray wrote:
> On Thu, 14 Aug 2008, Ronnie Gilkey wrote:
>
>> giving me some trouble. Currently sendmail will allow: a) relaying for
>> a mailbox on any local domain without authentication, and b) to anyone
>> if the sender is authenticated. I would like to remove the rights given
>> in (a). This would force authentication even if the recipient is for a
>> locally hosted domain.
>
> I'm confused why you don't want to relay for a local domain. Is this an
> Internet-facing or internal SMTP server?
>
> Sendmail shouldn't relay anything by default. In addition to the access
> map, do you have a RELAY_DOMAIN or RELAY_DOMAIN_FILE set? Sometimes they
> are /etc/mail/local-host-names and /etc/mail/relay-domains. If nothing
> there, still check class R manually (run sendmail -bt, then type $=R).
> Using any FEATURE's that mention relaying?
>
> I'm guessing you went through the ANTI-SPAM CONFIGURATION CONTROL section
> in the Sendmail config guide already. It goes over the relay FEATURES.
> http://www.sendmail.org/documentation/configurationReadme
>
> ray
> --
> Ray DeJean http://www.r-a-y.org
> Systems Engineer Southeastern Louisiana University
> IBM Certified Specialist AIX Administration, AIX Support

Ray,

I did get a resolution, though not the most graceful. I did read the Sendmail topics, but couldn't find exactly what I wanted. I don't want to relay for a local domain because:

1) The box is internet-facing
2) There is a gateway in front of it that handles the mail via MX records and then delivers to it.

Originally there was no gateway and MX records pointed directly at the server. So spammers have learned they can bypass the MX records and deliver straight to the mail server. I can't just tweak the firewall because there are end users that relay through the box from anywhere with credentials.
The spammers are causing performance issues, so that's why I needed to configure the gateway and localhost to be the only clients allowed to relay without credentials. I commented these lines in the sendmail.cf:

    # anything terminating locally is ok
    #R$+ < @ $=w > $@ RELAY
    #R$+ < @ $* $=R > $@ RELAY
    #R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
    #R<RELAY> $* $@ RELAY

That took out the relaying access to anything local without credentials. It also means I have to watch out in case the file changes. That could happen since it's a VPS server. If anyone knows the right configuration to do this in an MC file to avoid the change from being overwritten I'd love to hear about it.

Thanks,
Ronnie Gilkey
[EMAIL PROTECTED]

--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com
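A check for the overwrite risk described in the message above, as an added example that is not part of the original thread: it reports which of the four hand-commented rules are active again in a sendmail.cf. The function name and the constructed sample file are assumptions; point it at the real file (commonly /etc/mail/sendmail.cf) from cron or a monitoring job.

```shell
#!/bin/sh
# Added example: flag a sendmail.cf in which the rules that were commented
# out by hand are active again (for instance after the file is regenerated).

# The four rules as quoted in the message, whitespace collapsed to one space.
LOCAL_RELAY_RULES='R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
R<RELAY> $* $@ RELAY'

# Prints every rule that is active (not commented out) in the given file.
# Returns 0 if none is active, 1 if at least one is, 2 if the file is unreadable.
active_local_relay_rules() {
    cf=$1
    found=0
    [ -r "$cf" ] || { echo "cannot read $cf" >&2; return 2; }
    # sendmail.cf separates LHS and RHS with tabs; normalise before comparing.
    normalized=$(sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/ $//' "$cf")
    while IFS= read -r rule; do
        # -F: the rules are full of regex metacharacters.
        # -x: a commented "#R..." line must not count as a match.
        if printf '%s\n' "$normalized" | grep -Fxq -- "$rule"; then
            printf 'ACTIVE: %s\n' "$rule"
            found=1
        fi
    done <<EOF
$LOCAL_RELAY_RULES
EOF
    return "$found"
}

# Constructed sample: a regenerated file where two of the four rules are back.
sample=$(mktemp)
printf '%b\n' \
    '# anything terminating locally is ok' \
    'R$+ < @ $=w >\t\t$@ RELAY' \
    '#R$+ < @ $* $=R >\t$@ RELAY' \
    '#R$+ < @ $+ >\t\t$: $>D <$2> <?> <+ To> <$1 < @ $2 >>' \
    'R<RELAY> $*\t\t$@ RELAY' > "$sample"
active_local_relay_rules "$sample" || echo "sendmail.cf: hand-commented rules are active again"
rm -f "$sample"
```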
