open mail relay 1

[sonun]

I know its avery bad idea. But how di I turn opne mail relay on and off for my sendmail MTA. Currently it does not let anyone retrieve mails from outside the subnet. I know setting up open mail relay can be hazardous, but is there any way of managing it. Like keep a tab of something that will tell me everything is going all right.
I had also thought that I will shift the sendmail port to listen on any oher but the default making it a little more difficult for hackers. But, is that a sane idea and what are my considerations then ???
Thanks a bunch.

 

[kd4pba]

Hi,

Your right, it is a bad idea, if not managed right, those who send spam will have a field day.

Sendmail is not my expert area, but... I think this may help you, that is unless you have allready found it.

http://www.sendmail.org/tips/relaying.html

 

[ifincham]

Hi,

If you really want open house for some crazy reason it is possible to use the promiscuous_relay feature in your /etc/sendmail.mc - i.e. :

FEATURE(`promiscuous_relay')dnl

Then do the usual to update the .cf file....

# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Regards

 

[sonun]

well thanks.
There is no way I am going to set up promiscuous_relay on the server, but just wondered how to do so. Thanks Ifincham for answering what I wanted to know.
Also, please ignore my other post, I had not included the ipop3d daemon in the /etc/hosts.allow and hence had the problem.
But, I do want to know if it would be ok to have both imap and pop3 for the same sendmail MTA.
I already have installed the package as,
'rpm -q imap' returns,
imap-2000c-10
But 'netstat -ap | grep imap' returns nothing.
'netstat -ap | grep pop' returns,
tcp 0 0 *op3s *:* LISTEN
3169/xinetd
tcp 0 0 *op3 *:* LISTEN
3169/xinetd

I think I have already configured lokkit so what am I missing ??

 

[ifincham]

Hi,

On redhat, they ship one rpm called 'imap' that has both imap and pop3 daemons and also the ssl versions thereof . When you install the rpm the services are all configured to run under xinted and the corresponding control files are all set as disabled. So, to activate them you just do the usual thing with chkconfig :

# /sbin/chkconfig imap on
# /sbin/chkconfig ipop3 on

(standard versions)

# /sbin/chkconfig imaps on
# /sbin/chkconfig pop3s on

(only if you need ssl versions)

You can have both pop3 and imap if you wish.

Regards

 

[sonun]

thanks a bunch !!!

 

[johnny99]

My m4 file looks like this:

include(`/usr/src/sendmail/cf/m4/cf.m4')
VERSIONID(`linux for smtp-only setup')dnl
OSTYPE(linux)
FEATURE(always_add_domain)dnl
FEATURE(access_db, hash -o /etc/mail/access)dnl
FEATURE(virtusertable, hash -o /etc/mail/maildomains)dnl
FEATURE(use_cw_file)dnl
FEATURE(relay_entire_domain)dnl
FEATURE(blacklist_recipients)dnl
FEATURE(dnsbl,`blackholes.mail-abuse.org',`Mail from $&{client_addr} rejected; see

http://mail-abuse.org/rbl/')dnl

FEATURE(dnsbl,`dialups.mail-abuse.org',`Dialup - from $&{client_addr} rejected; see

http://mail-abuse.org/dul/')dnl

FEATURE(dnsbl,`relays.mail-abuse.org',`Open spam relay from $&{client_addr} rejected; see

http://mail-abuse.org/rss/')dnl

FEATURE(dnsbl,`relays.ordb.org',`Open spam relay from $&{client_addr} rejected; see

http://www.ordb.org/')dnl

FEATURE(dnsbl,`inputs.orbz.org',` Open relay $&{client_addr}; see:

http://www.orbz.org')dnl

FEATURE(dnsbl,`outputs.orbz.org',` Open relay $&{client_addr}; see:

http://www.orbz.org')dnl

FEATURE(`delay_checks')dnl
MAILER(local)dnl
MAILER(smtp)dnl

in /etc/mail/access I have all the domains and IP-numbers I accept (and I lot that I don't accept)
Using the access file you can enter the IP-numbers of the networks you want to be able to use your mail-server for sending email.
Works fine for me, but you need to know the ip-numbers of the people you want to allow to use your server.

/johnny

 

[sonun]

Looks simple and good.
I have some questions about yourmc file. Will poast them shortly.
Thanks.

 

[LarryTheCucumber]

Check out this document. It allows for dymanic relay.
I have been using it and it works very well.
You verify via pop3 and then you can relay from that address for 30 minutes.

http://mail.cc.umanitoba.ca/drac/#solution