hi all, running centos 4.7 i686.
I seem to have an o pen r elay sendmail server. How do I close it?
I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
so as to allow incoming email and not just localhost. however this seems to relay everyone.
I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFIKT) enabling specific relays to occur - not how to CLOSE the relaying.
How do I close the relay?
Jerry
Jerry Geis wrote:
I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
It should be: DAEMON_OPTIONS(`Port=smtp, Name=MTA')
M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici : http://www.aful.org/ressources/documentations/msie-problemes-securite/
On Wed, Nov 12, 2008 at 12:43 PM, Bernard 'Tux' Lheureux bernard.lheureux@bbsoft4.org wrote:
M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici : http://www.aful.org/ressources/documentations/msie-problemes-securite/
This is a really good read. If you don't speak/read French, use google to locate the page (copy the URL into the search bar) and select a translator. It's not perfect (doesn't understand French grammar, which is a little different from English), but it's easy to figure out the discrepancies.
Thanks, Tux!
mhr
On Wed, Nov 12, 2008 at 12:33 PM, Jerry Geis geisj@pagestation.com wrote:
hi all, running centos 4.7 i686.
I seem to have an o pen r elay sendmail server. How do I close it?
I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
so as to allow incoming email and not just localhost. however this seems to relay everyone.
I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFIKT) enabling specific relays to occur - not how to CLOSE the relaying.
How do I close the relay?
Google is your friend - look for "closing an open relay...."
:-)
mhr
Jerry Geis wrote:
It should be: DAEMON_OPTIONS(`Port=smtp, Name=MTA')
I changed it to this and restarted sendmail, re-ran the test and still open.
To fix the OpenRelay, just edit your /etc/mail/access to have it something like that:
8<=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-C-U-T-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY # Loopback address to enable local mails to be relayed localhost RELAY # Loopback address to enable local mails to be relayed 127.0.0.1 RELAY # Loopback address to enable local mails to be relayed 212.63.24.21 RELAY # your Public IP address 192.168.1. RELAY # Your Internal LAN address (all mails coming from these IPs will be allowed) yourdomain1.com RELAY # Your Domain number 1 yourdomain2.com RELAY # Your Domain number 2 (if you have multiple domains) 8<=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-C-U-T-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Then save your file and type this: [root@bluewall ~]# makemap hash /etc/mail/access < /etc/mail/access To generate the database from the file /etc/mail/access and everytime you make changes in the file /etc/mail/access, you need to retype this command to enable the changes...
Like this only mails that will be touched by one of these conditions will be allowed to be relayed and every other mail will be rejected
-
Bernard 'Tux' Lheureux -
Jerry Geis -
MHR