[CentOS] Re: sendmail security

Wed Sep 20 17:18:40 UTC 2006
Scott Silva <ssilva at sgvwater.com>

abhishek singh spake the following on 9/20/2006 3:12 AM:
> yes i am using SMTP Authentication , but when i m
> doing telnet to my server on 25 port so i am able to
> send mail by unknow user that in in not my mail server
> like
> mail from: <abs at domain.com>
> this command is showing Sender is ok while its not
> user in my mail server.after that 
> rcpt to: <xyz at domain.com>
> jhsjhdf
> .
> quit
> after this mail is queued for delivery to xyz user and
> in this scenario xyz is valid user accound on my mail
> server so i want that unkown account for my domain
> cant sendmail , so how i will do that ,
> when i am sending mail to out side domain without
> authentication then everything is ok means any one can
> send mail to my domain while he is not user.
> this is the problem.
Are you telnetting from inside your local ip address range?
If so, you might be skipping some of the auth checks because sendmail thinks
you are local.


MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!