sendmail access? relaying denied

Status
Not open for further replies.

jobesd

Technical User
Jan 17, 2004
3
US
I would like to know how to set up relaying for a user that is outside the network with a dynamic IP.

=================================================================

Your message did not reach some or all of the intended recipients.

Subject: RE: test
Sent: 1/17/2004 2:52 PM

The following recipient(s) could not be reached:

'Test' on 1/17/2004 2:52 PM
550 5.7.1 <xxxxxx@hotmail.com>... Relaying denied
===================================================================




Right now I have to enter the IP every time in the spam rules (/etc/mail/access) for them to send mail. I want this user to be able to send mail from any dialup connection.


example access file
--------------------------------------------------------------


# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY

user1@ RELAY
user2@ RELAY
user3@ RELAY
user4@ RELAY
user5_anywhereuser@ RELAY

10.10.1.1 RELAY
10.10.1.100 RELAY
10.10.1.101 RELAY
10.10.1.102 RELAY
10.10.1.103 RELAY
68.23.123.2 RELAY <------- I have to change to their dialup ip so user5_anywhereuser@ can send mail




Why can't it be based on just the name user5_anywhereuser@ with the correct login credentials? Is there any way around this without using a dialup provider's SMTP mail?

In a mail client like Outlook I want to use this:

pop.mydomain.com
smtp.mydomain.com

NOT THIS:

pop.mydomain.com
smtp.some_dialup_provider.com


Thanks Jobesd
 
Add this line to sendmail.mc:

FEATURE(`relay_local_from')dnl

Note that the ` just before the word relay is a back tick, not '. It is the same key as ~, just to the left of the 1 key. If you use this, any mail where the sender's domain is a domain hosted on your server will be relayed. The sender is NOT checked against access.db. This means that with a little spoofing, spammers can use your mail server as a relay. Make sure you take steps to prevent this with security measures such as smtp auth or smtp-before-pop. Another option is:

FEATURE(`relay_mail_from')dnl

This one will allow relaying if the sender is listed as "RELAY" in your access.db.

 
I still get relaying denied with the above added. Here is my config file. Is there something else here preventing me from relaying?

divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/sendmail.cf by running the following command:
dnl
dnl m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: FEATURE(dnsbl,`dun.dnsrbl.net')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: `t')dnl
FEATURE(`dnsbl',`dnsbl.sorbs.net', `"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
FEATURE(`relay_local_from')dnl
FEATURE(`relay_mail_from')dnl
 
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain

The above lines should be at the bottom of the file. Did you rebuild sendmail.cf after editing sendmail.mc? To do that, issue this command:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

You also need to rebuild access.db:

makemap hash /etc/mail/access.db < /etc/mail/access

You MUST also restart sendmail.
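
An added example, not part of the original posts: a small Python check over a sendmail.mc source that flags the two points raised in the replies above (relay features keyed on the envelope sender, and FEATURE() lines placed after MAILER()), and reports when TRUST_AUTH_MECH is still commented out. The function name audit_mc and the sample text are constructed for illustration.

```python
import re

# Relay features that authorise on the envelope sender (MAIL FROM), a value
# the connecting client chooses freely.
SENDER_BASED = {"relay_local_from", "relay_mail_from"}
FEATURE_RE = re.compile(r"^FEATURE\(\s*`?(\w+)")

def audit_mc(text):
    """Return (line_number, finding) tuples for a sendmail.mc source."""
    findings, first_mailer, auth_relay = [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("dnl"):
            continue  # blank or commented out with dnl: no effect
        if line.startswith("MAILER(") and first_mailer is None:
            first_mailer = no
        if line.startswith("TRUST_AUTH_MECH("):
            auth_relay = True
        m = FEATURE_RE.match(line)
        if not m:
            continue
        name = m.group(1)
        if first_mailer is not None:
            findings.append((no, f"FEATURE({name}) follows MAILER() on line {first_mailer}"))
        if name in SENDER_BASED:
            findings.append((no, f"{name} relays on the spoofable envelope sender"))
    if not auth_relay:
        # Line number 0 marks a file-level finding.
        findings.append((0, "no active TRUST_AUTH_MECH: SMTP AUTH does not grant relaying"))
    return findings

# Constructed sample, shortened from the configuration posted in this thread.
SAMPLE_MC = """\
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(redirect)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
FEATURE(`relay_local_from')dnl
FEATURE(`relay_mail_from')dnl
"""

if __name__ == "__main__":
    for no, finding in audit_mc(SAMPLE_MC):
        print(f"line {no}: {finding}" if no else finding)
```

Run it against the .mc source before regenerating sendmail.cf; an empty result means none of these three conditions is present, not that the server is closed to relaying.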

 
I tried it and it worked with both lines; however, when checked against ORDB.org I had an open relay.

I tried it with just this line:

FEATURE(`relay_mail_from')dnl

In my access file,

user@ and
user@mydomain.com

failed to let me relay. Is the above correct?



If you could tell me:
How do I set up pop-before-smtp? Is this just a config change?
Is pop-before-smtp easier to set up than SMTP Auth?

I looked at SMTP Auth and it looks like I would have to recompile sendmail. I really don't want to go that route, unless there is an RPM for Red Hat.

jobesd

 