smtp problems sender and virtuserdomains

[eevdropper]

Hi,

We are running two sendmail servers with only virtual domains (virtuserdomains).
Example : realdomain.com is in the virtuserdomains file
fakedomain.com is NOT in the virtuserdomains file

When a fakeuser@realdomain.com that does not exist in the virtusertable tries to send a mail we see an
"553 5.3.0 fakeuser@realdomain.com ... No such user" error

so far so good, but when a fakeuser@fakedomain.com sends a mail, sendmail don't give an error an relays this mail.


What should we check ?

Regards,
-ed-

 

[RhythmAce]

You don't have fakedomain.com in the access file do you? The only thing that should be in there is localhost, localhost.localdomain and 127.0.0.1.

 

[eevdropper]

Nope, nothing in access file but the things needed.

 

[RhythmAce]

Can you post a copy of your sendmail.mc file? There is nothing in there that would be a security risk by making it public.

 

[eevdropper]

here is our mc file.
ourdomain.com is the sendmail mail domain, this domain is not used for users.

ourdomain2 en 3 are domains we do use in virtuserdomains.

regards,
-ed-


divert(0)dnl
define(`confMAILER_NAME', `mailerdm@ourdomain2.com')dnl
define(`confDOMAIN_NAME', `ourmaildomain.com')dnl
define(confMAX_MESSAGE_SIZE,10000000)dnl
define(confTO_IDENT, `0s')dnl
define(confPRIVACY_FLAGS, ``authwarnings, noexpn, novrfy, needmailhelo, needexpnhelo, needvrfyhelo, restrictmailq, restrictqrun'')dnl
define(`confSMTP_LOGIN_MSG',`$j Sendmail ready; $b')dnl
VERSIONID(`solaris2.8 for smtp-only setup')
OSTYPE(solaris2)
FEATURE(nouucp, `reject')
FEATURE(always_add_domain)
FEATURE(accept_unresolvable_domains)
FEATURE(`access_db',`dbm -T<TMPF> /etc/mail/access')
FEATURE(`delay_checks',`friend')
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuserdomains')
FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')
FEATURE(masquerade_envelope)
FEATURE(`genericstable', `dbm /etc/mail/genericstable')
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')
FEATURE(generics_entire_domain)
MAILER(local)
MAILER(smtp)

LOCAL_RULE_1
Rsystem<@test.test.ourdomain.com.> system.test<@ourdomain2.com.>

LOCAL_RULE_0
R$+<@mail.ourdomain2.com.> $1<@ourdomain2.com.>
R$+<@ourdomain3.com.> $1<@ourdomain2.com.>

 

[RhythmAce]

I've never had the need to use virtuserdomains so I'm not a 100% clear on this. But from what I understand, virtuserdomains are added to the {VirtHost} class and in turn those are automatically added to the R class (relay domain. This may be what is telling sendmail to relay the whole domain without even considering the user part. You may be able to overcome this by adding all users to the virtusertable then the last entry for each domain should have a catchall. What I do is have a line like this:

@domain1.com error:nouser This server does not allow spam!

Now if the user is not found, it is rejected with the text message 'This server does not allow spam!".

 

[eevdropper]

HI,

All users are in thye virtusertable, so sendmail is rejecting users that are not found in the virtusertable.
But when people uses a domain that is not in the virtuserdomains file, sendmail relays the mail.

So everythings goes fine, aslong as the domain is in the virtuserdomains file.
When thinking about it, maybe it should be that way, otherway sendmail would not relay mail coming from the internet.

Maybe there is a way that we can say to sendmail to allow the machines in the access-file, relay only for the domains that are in the virtuserdomains file?

cheers,