access.db relay for specified domains

[eevdropper]

Hi,

Hosts that can send mail we put in the ACCESS file.
The sender address then needs to be specified in the VIRTUSERTABLE file.
But when a host that's included in the ACCESS file uses a sender address with a Non-Existent domain in the VIRTUSERDOMAIN file, the mail gets relayed.

Can we put a host in the access file and at the same time reduce the domains for which he can send mail?

cheers,

 

[RhythmAce]

I'm not a big fan of the access file. The only reason I can think of for having it is so domains can send mail via mail programs and scripts from their sites. You should only have these three in access.db:

127.0.0.1
localhost
localhost.locandomain

Any domain which your server hosts should be in a file called /etc/mail/local-host-names. Now all control is given to virtualhost names. It is not a harsd thing for those who would do evil to find or even guess a user@yourdomain.com and hence be able to spoof this address. This will allow them to use your system as an open relay through which they can send bulk mail or SPAM!. To secure you server, add a catch-all at the end of each domain section in your virtusertable. It's as simple as adding this line for each of your hosted domains:

@domain1.com error:nouser This server does not allow spam!

if no match is found for that domain, it falls through to the catch-all and an erro message is returned. In this case "This server does not allow spam!". You can make it anything you want such as "unknown user" or "user not found". The next thing you will have to do is setup smtpauth. Here is a thread that will help explain everything: thread14-1329684