Problems with Spammers and Sendmail, Help!

Status
Not open for further replies.

Albion

IS-IT--Management
Aug 8, 2000
517
US
I am having problems with spammers using my sendmail 8.9.3 SMTP server as a spam portal to send out mail to thousands of people. My root e-mail box had about 500 returned mail errors and I am getting complaints from people I don't know. Is there a way I can close this off so they can no longer use it for that purpose but it can still be used for company E-Mail?

Thanks!

-Al
 
Let me add a little bit here, I was a bit hasty before. Too much stress…

First of all I am a Sendmail idiot. I don't know m4 from c4. I've been reading manuals, docs, FAQs, and forums and I'm still confused as all heck. It just seems to me that everyone has their own files to do their own things. Anyway, here's what I have.


We have an internal domain 192.168.1.x on which I have an Exchange server. Our firewall serves as a NAT as well as a firewall and SMTP server and runs on Linux. We use the Linux machine to relay mail from the Internet to the Exchange server on 192.168.1.x and to relay mail from the Exchange server on 192.168.1.x to the Internet. At this point everything internally works great, but someone is using my sendmail server as a portal to relay spam.

I need to be able to continue to use sendmail to relay mail from inside my network to the Internet and vice versa, but I don't want anyone from outside of my network to be able to send mail to anyone else outside my network. I've read about a sendmail.cR file and a relay-domains file but I can't seem to find any help about their format or creation.

It doesn't seem that the person who set up our sendmail box created an m4 file for sendmail.cf, they seemed to modify the sendmail.cf file out of the box. I would love to make one but I am afraid that if I try to create one I'm going to screw up the currently working system that my company cannot be without.

I really could use someone’s help at this point. We're getting e-mails from people all over the place threatening legal action and I can't seem to stop it.

Thanks again.

-Al



 
Hey dude.

I understand your frustration. The configs are a pain!

In a nutshell, I had the same problem and installed the latest version of sendmail (probably not the latest anymore). By default it didn't allow relaying from outside to outside and saved me from getting involved with sendmail's innards too much. Naturally, note all your local configs if you have any, make backups, etc. You could also try blocking the evildoer. There's plenty on the web about this kind of stuff.

This might sound like a weak answer, but it worked for me.

Sorry, I can't be of specific help; maybe a guru can do that...
 
There are a few things you can do.
First and foremost you want to back up ALL your sendmail files for JIC (Just In Case)... If it is a default install in default directories you want to back up the "/etc/mail" directory and anything that says sendmail in the "/etc" directory (including sendmail.cf and sendmail.mc). You want to do this especially if your job depends on this working, because if you don't you will have a lot of mad customers. If anything should go wrong you can restore the files and restart sendmail.

All my instructions are based on the default install of sendmail.... if the directories are different then plan accordingly.
Now that you have done all this you can try the simplest method first:

Edit the /etc/mail/access file. Mine looks like...

localhost.localdomain RELAY
localhost RELAY
127.0.0.0 RELAY

This setup allows relaying from the system ONLY utilizing EVERY possible way the mail could be sent. All others are rejected. So what you would want to do is make it look like:

ALL REJECT
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
mydomain RELAY
myotherdomains RELAY
mydomainipblock RELAY
myexchangeserveripaddress RELAY

NOTE: What this is doing is rejecting the mail UNLESS it meets a specified rule underneath.

Now save the file and restart sendmail

To test it try sending an email from outside your network using this server as the outgoing mail server.
You can try this and let me know if it meets your needs. To see if you can use m4 look for a sendmail.mc file. You can edit this file according to all the sites you looked at then type "m4 /etc/sendmail.mc > /etc/sendmail.cf" then restart sendmail.

Let me know if everything works out or not because I have several more tricks up my sleeve, too many to list here :)

Bill
 
PcLinuxGuru:
I don't know much about sendmail so any ideas would help out.

I am having the same problem with almost the same setup as Albion. I am running sendmail 8.11 which should have relaying disabled by default, but it continues to relay. My access file is exactly like the one you have posted and I am still a relay fiend.

Thanks
Kel
 
My fault, I forgot something... please forgive me, I set mine up a long time ago and I was perusing through my notes of what I did.

After adding all the stuff you want to the access file you need to hash it.

Type at the command prompt:

makemap hash /etc/mail/access < /etc/mail/access

That maps it into your access database...

I did try it with a fake domain and it did work...

My apologies:)
Bill
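
One way to run the test described in the thread and confirm both requirements from the original question: outside-to-outside relaying is refused, and mail for the company domain is still accepted. This is an added example, not part of any post above; the script name `relaycheck.py`, the function names, and the probe addresses under example.com / example.net are assumptions made for illustration, and the mail host and local domain are supplied on the command line.

```python
"""Added example: check relay policy after changing /etc/mail/access."""
import smtplib
import sys


def rcpt_verdict(smtp, sender, recipient):
    """MAIL FROM + RCPT TO on an open session. No DATA, so no mail is sent."""
    code, _ = smtp.mail(sender)
    if code != 250:
        smtp.rset()
        return "rejected"              # sender refused before RCPT was tried
    code, _ = smtp.rcpt(recipient)
    smtp.rset()                        # abandon the transaction
    if code in (250, 251):
        return "accepted"
    return "tempfail" if 400 <= code < 500 else "rejected"


def audit(smtp, local_domain):
    """Return [(case, verdict, ok)] for the two requirements in the thread."""
    # Constructed probe addresses; example.com/.net are reserved test domains.
    cases = [
        ("outside -> outside (must be refused)",
         "probe@example.com", "probe@example.net", "rejected"),
        ("outside -> local domain (must still be accepted)",
         "probe@example.com", "postmaster@" + local_domain, "accepted"),
    ]
    results = []
    for label, sender, recipient, want in cases:
        got = rcpt_verdict(smtp, sender, recipient)
        results.append((label, got, got == want))   # tempfail never passes
    return results


if __name__ == "__main__":
    # Run from a host OUTSIDE your network:
    #   python3 relaycheck.py <your-mail-host> <your-mail-domain>
    if len(sys.argv) != 3:
        sys.exit("usage: relaycheck.py <your-mail-host> <your-mail-domain>")
    with smtplib.SMTP(sys.argv[1], 25, timeout=15) as session:
        session.ehlo_or_helo_if_needed()
        for label, got, ok in audit(session, sys.argv[2]):
            print("PASS" if ok else "FAIL", label, "->", got)
```

A FAIL on the first case means the server still relays for outsiders; a FAIL on the second means the access changes also cut off inbound company mail.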
 