inbound relay NOT open relay

Status
Not open for further replies.

uncre8tv

IS-IT--Management
May 15, 2002
2
US
I'm trying to use sendmail (non commercial 8.13.1 on FreeBSD 5.3) as an inbound smtp relay, for the purposes of filtering using spamassassin et al.

I have it set so that it is relaying to my mailserver and filtering without issue, BUT it is acting as a wide open relay for the world. If I remove the "access_db" feature it closes the open relay, but it gives me a "user unknown" error for the inbound addresses (while giving a proper "relay prohibited" for non inbound addresses).

I have three domains serviced by my existing mailserver at internal address 192.168.1.10. The relay server is also on an internal address and can ping/resolve the mailserver without issue.

Right now my access file looks thusly:
mydomain1.com RELAY
mydomain2.com RELAY
mydomain3.com RELAY

My mailertable looks thusly:
mydomain1.com smtp:[192.168.1.10]
mydomain2.com smtp:[192.168.1.10]
mydomain3.com smtp:[192.168.1.10]

At the moment I am not using the virtusertable feature, but I have tried it with the following lines:
mydomain1.com %1@mydomain1.com
mydomain2.com %1@mydomain2.com
mydomain3.com %1@mydomain3.com

Any ideas to try?

thanks,
Keith
uncre8tv@yahoo.com
 
You should have to have more than just the local hosts in access.db, for example:

127.0.0.1 RELAY
localhost RELAY
localhost.localdomain RELAY

You may want to add smtp_auth to prevent someone trying to relay through your server. By default, a username/password are only checked when a pop3 request is made. This is usually done after the smtp mail is sent, which is too late. Using smtp_auth checks all smtp requests for user/password. If you have saslauthd installed, then setup will be a snap. Just have it start at bootup. Then add or uncomment these lines in sendmail.mc:

define(`confAUTH_OPTIONS', `A')dnl

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Don't forget to run m4 and restart sendmail.
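
Added example, not part of either post: a small Python audit of an access map source in the format quoted above, reporting which RELAY entries are limited by a Connect:, From: or To: tag (the tags documented in sendmail's cf/README) and which are untagged. The sample file, the scope labels and the function names are constructed for illustration.

```python
# Added example (not from the thread): list the scope of each RELAY entry
# in a sendmail access map source. Tag names are those in sendmail's cf/README.

# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_ACCESS = """\
# inbound relay for three domains
mydomain1.com           RELAY
To:mydomain2.com        RELAY
Connect:192.168.1       RELAY
127.0.0.1               RELAY
localhost               RELAY
spammer.example         REJECT
"""

# Scope labels are this example's own wording, not sendmail output.
TAG_SCOPE = {"to": "recipient-only", "connect": "client-only", "from": "sender-only"}


def is_address(key):
    """True for a dotted IPv4 address or prefix such as 192.168.1."""
    parts = key.split(".")
    return len(parts) <= 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def audit_access(text):
    """Return (key, scope) for every RELAY entry in an access map source."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank line or comment
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue                        # malformed, or not a RELAY entry
        key = fields[0]
        tag, sep, _ = key.partition(":")
        if sep and tag.lower() in TAG_SCOPE:
            scope = TAG_SCOPE[tag.lower()]
        elif is_address(key):
            scope = "client-address"        # untagged IP address or prefix
        else:
            scope = "client-and-recipient"  # untagged host or domain name
        findings.append((key, scope))
    return findings


if __name__ == "__main__":
    for key, scope in audit_access(SAMPLE_ACCESS):
        print(f"{key:24} {scope}")
```

An entry reported as client-and-recipient permits relaying to that domain and also from connecting hosts whose name falls under it; a To: tag limits the entry to recipient addresses.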


 