configuring sendmail

Status
Not open for further replies.

kaancho12

Technical User
Feb 22, 2005
191
It seems that the spammers are able to relay mail using a non-existent account on our server. For example, even though webmaster@abc.com doesn't exist in our user accounts (at abc.com), they can relay messages through that.
I checked the file /etc/mail/access and it had these settings:
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
companyip RELAY
Is there a way to configure sendmail so that only users that exist on our server are able to relay messages through the IP?
Thanks
ko12
 
You really should be using smtpauth. The way things work right now is that when mail gets sent through your server it relays it unless you specifically tell it not to. Then once the cows got out, the pop server will authenticate the user by checking user name and password. There are two things you can do. One is to use a method called pop-before-smtp, which is somewhat outdated nowadays. The preferred way is to use smtpauth, which requires saslauthd to be installed and running. Then you need to add or uncomment a couple of lines in sendmail.mc. I will post them for you in my next post.

 
Code:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

This will cause the SMTP server to ask for the user's name and password before it will relay any mail. The drawback to this is if you have a lot of users. You will need to tell all of them that they will need to configure their mail client to give this info. It's really very simple. For example, if they are using Outlook, they can go to Tools > Accounts, then highlight the account and click Properties. Click on the "Servers" tab and, in the section for the outgoing server, check the box that says "This server requires authentication". There should be a button to configure it, and when the window pops up just click on "Use the same info as the incoming server". Close the window and save. No mail will be lost. They just won't be able to send any mail until this is done.
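A simplified model of the relay decision discussed in this thread, added here as an illustration (it is not code from any poster and not sendmail's own): it assumes sendmail's default anti-relay rules without FEATURE(`relay_mail_from'), handles IPv4 only, and uses 192.0.2 as a stand-in for the "companyip" entry. It shows that the access map is matched against the connecting client, never the envelope sender, and that a trusted AUTH mechanism adds a second way to be allowed to relay.

```python
import ipaddress

# Constructed access map: the thread's entries, with the "companyip"
# placeholder replaced by an assumed documentation prefix (192.0.2.x).
ACCESS_TEXT = """\
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.0.2 RELAY
"""
LOCAL_DOMAINS = {"abc.com"}  # assumed: domains this host accepts mail for
# Mechanisms from the TRUST_AUTH_MECH line posted above.
TRUSTED_MECHS = set("EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN".split())


def parse_access(text):
    """Return {key: action} from access-map source, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip().upper()
    return table


def client_may_relay(table, client_ip, client_name=""):
    """Look up the client: full IPv4 address, then shorter octet prefixes, then name."""
    octets = str(ipaddress.ip_address(client_ip)).split(".")
    keys = [".".join(octets[:n]) for n in range(4, 0, -1)] + [client_name.lower()]
    return any(table.get(k) == "RELAY" for k in keys if k)


def relay_decision(table, client_ip, mail_from, rcpt_to, auth_mech=None, client_name=""):
    """Decide whether one RCPT is accepted. mail_from is deliberately unused:
    the envelope sender is supplied by the client and is not part of the check."""
    if rcpt_to.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS:
        return "accept: local delivery"
    if client_may_relay(table, client_ip, client_name):
        return "relay: client address listed in access"
    if auth_mech in TRUSTED_MECHS:
        return "relay: authenticated via " + auth_mech
    return "reject: relaying denied"
```

In this model a client inside the listed prefix is relayed whatever sender address it claims, so the width of the "companyip" entry matters more than whether webmaster@abc.com exists.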
 
Thanks for your advice. One problem though is that there are some scripts that are run through cron jobs that send out emails too, and they exist on the company IP, not on the host machine. I will read more on smtpauth in the meantime.
Thanks
ko12
 
Your scripts will still work because they run as a valid user on your system. They also access sendmail directly rather than the SMTP port, which tells it right off the bat that it's a local user.
 
As RhythmAce indicated, services or scripts (or local requests) will not have a problem.

Another option to smtpauth is pop-before-smtp, which has served me very well for some time. Both do about the same thing, though SMTP_AUTH is the current method being utilized.

I just don't like to monkey with things that work ;)
 