Showing results for 
Search instead for 
Did you mean: 

sendmail anti-relaying

Bob Davis
Occasional Advisor

sendmail anti-relaying

Can someone tell me how to check anti-relaying in -bt mode?
If I enter

it passes. Should I be using another ruleset?

Is there another rule that could override the check_rcpt rule? I'm using 8.8.6.

Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

Uncomment the spam rulesets in (they're marked - search for Spam).

It looks like you're missing check_relay/check_mail:

# The rules for supporting anti-spamming are check_mail, check_rcpt #
# and check_relay.
Craig Rants
Honored Contributor

Re: sendmail anti-relaying

Upgrade to 8.9.3 and anti-relaying is automatic. You can then specify in the /etc/mail/relay-domains file which domains you want to relay if any.

Even thought the patch for 8.9.3 has been recalled by HP, I would still use it. The reason it was recalled was that if it had more than 3000 concurrent connections it would fail. I don't know about you but our company is large and we don't get that may at a time.

Good Luck,
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Bob Davis
Occasional Advisor

Re: sendmail anti-relaying

The spam rulesets are uncommented, they're just not working. The same cf file blocks relaying on a test box. I can block users and domains, but the anti-relaying isn't working. It's as if the remove_local isn't working.
Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

I assume you stop/started sendmail?

If so, why don't you post a sanitized version of so we can have a look.
Honored Contributor

Re: sendmail anti-relaying

ok I just did this fix on 8.8.6.

Here is what you need to add and this will stop the relay.
Comment everything that you have for Scheck_rcpt and add this:

# first: get client addr
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok no client addr: directly invoked
R$={LocalIP}$* $| $* $@ ok from here
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*<@$+>$* $#error $@ 5.7.1 $: 550 we do not relay

# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*<@$*>$* $: $>removelocal $1<@$2>$3

Also you can set up LocalIP and Local names dont forget to restart sendmail.
If you have problems post them. And make sure you back up your file

Honored Contributor

Re: sendmail anti-relaying

Ohh ..
I misread your post. DOOH! ..
to test a mail hack from
telnet to your server to port 25.

ip.add.of.server 25
you will get
Connected to ip.add.of.server.
Escape character is '^]'.

and then you will have a promt
and you will get a hello back.
Then type
mail from:
you will get
250 ... Sender ok

then type
rcpt to:<""@[ip.of.mail.server]>
you will get
250 >... Recipient ok
you will get
354 Enter mail, end with "." on a line by itself

then type your message end with a .

250 PAA24408 Message accepted for delivery

Or you can go to
but if you fail then you will be blacklisted.We were blacklisted and I aplied that fix retested and passed,
let me know if you get it.
Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

To test the anti-relaying ruleset on host A, you'll have to
1) be on host B that's not permitted to relay by hosta A
2) send a test e-mail that won't eventually get delivered to host A (i.e. host A would act as a relay).

If you're on host A (, and you gen a message from to where neither or are considered local by host A, you won't trip the relay rulesets, since e-mail generated locally and delivered remotely won't be considered relayed, despite what envelope headers might indicate.