Yes, probably. The issue is that he wants to limit local mail delivery (it's not really relaying) to only authenticated clients and 1 relay host (his gateway MX device). If you configure your relay host to also be an authenticated client, then you can accomplish the goal by requiring all SMTP connections on the server to authenticate. He has a working solution, it sounds like; I'm just suggesting an alternative method.

On Wed, Aug 27, 2008 at 10:42 AM, Dustin Puryear <[EMAIL PROTECTED]> wrote:
> Quoting what you just said, I think this WAS the original idea of the
> question: "Then configure the server to only accept authenticated smtp
> (at least from anything not localhost)."
>
> --
> Dustin Puryear
> President and Sr. Consultant
> Puryear Information Technology, LLC
> 225-706-8414 x112
> http://www.puryear-it.com
>
> Author, "Best Practices for Managing Linux and UNIX Servers"
> http://www.puryear-it.com/pubs/linux-unix-best-practices/
>
>
> Paul Rushing wrote:
>> If you have control of the gateway device, configure it to transfer
>> mail to the server using authentication. Then configure the server to
>> only accept authenticated smtp (at least from anything not localhost).
>>
>>
>>> Ray,
>>>
>>> I did get a resolution, though not the most graceful. I did read the
>>> Sendmail topics, but couldn't find exactly what I wanted. I don't want to
>>> relay for a local domain because:
>>>
>>> 1) The box is internet-facing
>>> 2) There is a gateway in front of it that handles the mail via MX records
>>> and then delivers to it.
>>>
>>> Originally there was no gateway and MX records pointed directly at the
>>> server. So spammers have learned they can bypass the MX records and deliver
>>> straight to the mail server. I can't just tweak the firewall because there
>>> are end users that relay through the box from anywhere with credentials.
>>> The spammers are causing performance issues, so that's why I needed to
>>> configure the gateway and localhost to be the only clients allowed to relay
>>> without credentials.
>>>
>>> I commented these lines in the sendmail.cf:
>>>
>>> # anything terminating locally is ok
>>> #R$+ < @ $=w > $@ RELAY
>>> #R$+ < @ $* $=R > $@ RELAY
>>> #R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
>>> #R<RELAY> $* $@ RELAY
>>>
>>> That took out the relaying access to anything local without credentials. It
>>> also means I have to watch out in case the file changes. That could happen
>>> since it's a VPS server.
>>>
>>> If anyone knows the right configuration to do this in an MC file to avoid
>>> the change from being overwritten I'd love to hear about it.
>>>
>>> Thanks,
>>>
>>> Ronnie Gilkey
>>> [EMAIL PROTECTED]
>>
>> _______________________________________________
>> General mailing list
>> [email protected]
>> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>>
>

--
==========================
Paul Rushing
[EMAIL PROTECTED]
==========================
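
An added example, not part of the thread: a log check for the policy discussed above (only the gateway and localhost may deliver without credentials). It assumes the usual sendmail syslog layout, that an `AUTH=server` line and the later `from=` line of the same session share a process ID, and a hypothetical gateway address of 192.0.2.10; the log lines are constructed.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the usual sendmail syslog layout (not from the thread).
SAMPLE_LOG = """\
Aug 27 10:01:02 mail sendmail[4101]: m7RF12aa004101: from=<news@example.org>, size=2210, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=gw.example.net [192.0.2.10]
Aug 27 10:02:10 mail sendmail[4102]: AUTH=server, relay=dsl.example.com [198.51.100.7], authid=ronnie, mech=PLAIN, bits=0
Aug 27 10:02:11 mail sendmail[4102]: m7RF2Bbb004102: from=<ronnie@example.net>, size=900, class=0, nrcpts=1, msgid=<2@example.net>, proto=ESMTP, daemon=MTA, relay=dsl.example.com [198.51.100.7]
Aug 27 10:03:30 mail sendmail[4103]: m7RF3Ucc004103: from=<x@spam.example>, size=5120, class=0, nrcpts=1, msgid=<3@spam.example>, proto=ESMTP, daemon=MTA, relay=[203.0.113.55]
Aug 27 10:04:00 mail sendmail[4104]: m7RF40dd004104: from=<root@mail.example.net>, size=300, class=0, nrcpts=1, msgid=<4@mail.example.net>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""

# Process ID, optional queue ID, then the rest of the log record.
LINE_RE = re.compile(r"(?:sendmail|sm-mta)\[(\d+)\]: (?:\w+: )?(.*)")
# Client address in brackets at the end of relay=, with or without a host name.
RELAY_RE = re.compile(r"relay=.*\[(?:IPv6:)?([0-9a-fA-F:.]+)\]")

def unauthenticated_direct(log_text, trusted):
    """Return (client_ip, sender) for mail accepted without SMTP AUTH from
    hosts that are neither loopback nor in `trusted` (the gateway)."""
    trusted = {ip_address(t) for t in trusted}
    authed_pids, hits = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, rest = m.groups()
        if rest.startswith("AUTH=server"):
            # Assumption: one sendmail child per connection, so the PID marks
            # the session. PIDs can repeat in long logs; audit one rotation at a time.
            authed_pids.add(pid)
        elif rest.startswith("from="):
            relay = RELAY_RE.search(rest)
            if relay is None:          # local submission, no client address
                continue
            ip = ip_address(relay.group(1))
            if ip.is_loopback or ip in trusted or pid in authed_pids:
                continue
            sender = rest[len("from="):].split(",", 1)[0]
            hits.append((str(ip), sender))
    return hits

if __name__ == "__main__":
    for ip, sender in unauthenticated_direct(SAMPLE_LOG, ["192.0.2.10"]):
        print(f"unauthenticated direct delivery from {ip} sender {sender}")
```

Run against the real maillog after a configuration change, an empty result means nothing other than the gateway and localhost delivered without authenticating.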
