[CentOS] Re: close open relay

Thu Nov 13 19:20:53 UTC 2008
Bernard 'Tux' Lheureux <bernard.lheureux at bbsoft4.org>

Jerry Geis wrote:
>>
>> It should be:
>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')
>>   
> I changed it to this and restarted sendmail, re-ran the test and still 
> open.

To fix the open relay, just edit your /etc/mail/access so that it looks 
something like this:

8<=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-C-U-T-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
# (makemap only skips lines that begin with #, so each comment sits on its own line)
# Loopback address to enable local mails to be relayed
localhost.localdomain                    RELAY
# Loopback address to enable local mails to be relayed
localhost                                RELAY
# Loopback address to enable local mails to be relayed
127.0.0.1                                RELAY
# your Public IP address
212.63.24.21                             RELAY
# Your Internal LAN address (all mails coming from these IPs will be allowed)
192.168.1.                               RELAY
# Your Domain number 1
yourdomain1.com                          RELAY
# Your Domain number 2 (if you have multiple domains)
yourdomain2.com                          RELAY
8<=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-C-U-T-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Then save your file and type this:
[root@bluewall ~]# makemap hash /etc/mail/access < /etc/mail/access
This generates the database from the file /etc/mail/access, and every time 
you make changes in the file /etc/mail/access, you need to retype this 
command to enable the changes...

This way, only mails that match one of these conditions will be allowed 
to be relayed, and every other mail will be rejected.
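
An added example, not part of the original post: a small Python audit of an access file's source text, to run before makemap. It models makemap's line handling in simplified form (lines starting with # are skipped, the first token is the key, the rest of the line is the value) and reports which keys end up as RELAY and which lines carry a value that is not a plain action. The sample input is constructed, and the recognized actions are limited to OK, RELAY, REJECT, DISCARD, SKIP, numeric codes, ERROR: and QUARANTINE:.

```python
import re

# Constructed sample in the style of the access file above (not a real config).
SAMPLE = """\
# by default we allow relaying from localhost...
localhost        RELAY
127.0.0.1        RELAY        # Loopback
address to enable local mails to be relayed
192.168.1.       RELAY
yourdomain1.com  RELAY
spammer.example  REJECT
bad.example      550 No mail accepted from this domain
"""

SIMPLE_ACTIONS = {"OK", "RELAY", "REJECT", "DISCARD", "SKIP"}
# Values that legitimately carry free text after the first token.
TEXT_ACTION = re.compile(r"^(\d{3}(\s|$)|ERROR:|QUARANTINE:)")


def parse_access(text):
    """Simplified model of makemap's input handling: skip blank lines and
    lines that start with '#'; the first whitespace-delimited token is the
    key and the rest of the line is the value."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        entries.append((lineno, key, value))
    return entries


def audit(text):
    """Return (relay_keys, problems) for an access file's source text."""
    relay_keys, problems = [], []
    for lineno, key, value in parse_access(text):
        first = value.split(None, 1)[0] if value else ""
        if value in SIMPLE_ACTIONS:
            if value == "RELAY":
                relay_keys.append(key)
        elif first in SIMPLE_ACTIONS:
            # e.g. an inline "# comment", which stays part of the value
            problems.append((lineno, key, "trailing text after " + first))
        elif not TEXT_ACTION.match(value):
            # e.g. the wrapped tail of a comment parsed as its own entry
            problems.append((lineno, key, "unrecognized value"))
    return relay_keys, problems
```

Review the returned relay keys against the hosts and domains you actually intend to relay for, then rebuild the map with makemap as described above.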