If you have control of the gateway device, configure it to transfer mail to the server using authentication. Then configure the server to only accept authenticated smtp (at least from anything not localhost).
> Ray, > > I did get a resolution, though not the most graceful. I did read the > Sendmail topics, but couldn't find exactly what I wanted. I don't want to > relay for a local domain because: > > 1) The box is internet-facing > 2) There is a gateway in front of it that handles the mail via MX records > and then delivers to it. > > Originally there was no gateway and MX records pointed directly at the > server. So spammers have learned they can bypass the MX records and deliver > straight to the mail server. I can't just tweak the firewall because there > are end users that relay through the box from anywhere with credentials. > The spammers are causing performance issues, so that's why I needed to > configure the gateway and localhost to be the only clients allowed to relay > without credentials. > > I commented these lines in the sendmail.cf: > > # anything terminating locally is ok > #R$+ < @ $=w > $@ RELAY > #R$+ < @ $* $=R > $@ RELAY > #R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >> > #R<RELAY> $* $@ RELAY > > That took out the relaying access to anything local without credentials. It > also means I have to watch out in-case the file changes. That could happen > since it's a VPS server. > > If anyone knows the right configuration to do this in an MC file to avoid > the change from being overwritten I'd love to hear about it. > > Thanks, > > Ronnie Gilkey > [EMAIL PROTECTED] _______________________________________________ General mailing list [email protected] http://mail.brlug.net/mailman/listinfo/general_brlug.net
