Quoting what you just said, I think this WAS the original idea of the question: "Then configure the server to only accept authenticated smtp (at least from anything not localhost)."
-- Dustin Puryear President and Sr. Consultant Puryear Information Technology, LLC 225-706-8414 x112 http://www.puryear-it.com Author, "Best Practices for Managing Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices/ Paul Rushing wrote: > If you have control of the gateway device, configure it to transfer > mail to the server using authentication. Then configure the server to > only accept authenticated smtp (at least from anything not localhost). > > >> Ray, >> >> I did get a resolution, though not the most graceful. I did read the >> Sendmail topics, but couldn't find exactly what I wanted. I don't want to >> relay for a local domain because: >> >> 1) The box is internet-facing >> 2) There is a gateway in front of it that handles the mail via MX records >> and then delivers to it. >> >> Originally there was no gateway and MX records pointed directly at the >> server. So spammers have learned they can bypass the MX records and deliver >> straight to the mail server. I can't just tweak the firewall because there >> are end users that relay through the box from anywhere with credentials. >> The spammers are causing performance issues, so that's why I needed to >> configure the gateway and localhost to be the only clients allowed to relay >> without credentials. >> >> I commented these lines in the sendmail.cf: >> >> # anything terminating locally is ok >> #R$+ < @ $=w > $@ RELAY >> #R$+ < @ $* $=R > $@ RELAY >> #R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >> >> #R<RELAY> $* $@ RELAY >> >> That took out the relaying access to anything local without credentials. It >> also means I have to watch out in-case the file changes. That could happen >> since it's a VPS server. >> >> If anyone knows the right configuration to do this in an MC file to avoid >> the change from being overwritten I'd love to hear about it. >> >> Thanks, >> >> Ronnie Gilkey >> [EMAIL PROTECTED] > > _______________________________________________ > General mailing list > [email protected] > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > -- > This message was scanned by ESVA and is believed to be clean. > Click here to report this message as spam. > http://esva.puryear-it.com/cgi-bin/learn-msg.cgi?id= > > _______________________________________________ General mailing list [email protected] http://mail.brlug.net/mailman/listinfo/general_brlug.net
