[CentOS] Selective Sendmail Relaying.

Wed Dec 20 12:16:14 UTC 2006
Will McDonald <wmcdonald at gmail.com>

Hi all,

I've been trying to hit on the right configuration combo to allow
relaying from specific users and/or domains to an internal box running
Sendmail.

Reading the docs at http://www.sendmail.org/m4/anti_spam.html#relay
and http://www.sendmail.org/m4/anti_spam.html#access_db_fine

I would appear that I should be able to all per-address relaying in
/etc/mail/access by enabling

FEATURE(`relay_mail_from')dnl

in sendmail.mc and restarting Sendmail. Then adding
test at testdomain.com to /etc/access as:

From:test at testdomain.com        RELAY

Should allow relaying FROM this address, yet it doesn't seem to work
for me on a CentOS 4.4 system and I can't quite hit on why.

My full sendmail.mc is...

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
dnl # $Id: sendmail.mc,v 1.3 2006/05/09 10:48:40 root Exp $
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`SMART_HOST',`mailscanner.testdomain.com')
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`relay_mail_from')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.24.112,Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`willspc')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

In my maillog I just see...

Dec 20 12:10:48 willspc sendmail[24558]: kBKCAlG2024558:
ruleset=check_rcpt, arg1=<wmcdonald at gmail.com>, relay=nectarine
[192.168.24.111], reject=550 5.7.1 <wmcdonald at gmail.com>... Relaying
denied
Dec 20 12:10:48 willspc sendmail[24558]: kBKCAlG2024558:
from=<test at testdomain.com>, size=0, class=0, nrcpts=0, proto=SMTP,
daemon=MTA, relay=nectarine [192.168.24.111]

Am I missing something obvious/stupid? I would have thought Sendmail
would've accepted and relayed it to its smart host. Switching to
"FEATURE(`relay_entire_domain')" works but seems a bit extreme.

Will.