cancel
Showing results for 
Search instead for 
Did you mean: 

sendmail anti-relaying

Bob Davis
Occasional Advisor

sendmail anti-relaying

Can someone tell me how to check anti-relaying in -bt mode?
If I enter

it passes. Should I be using another ruleset?

Is there another rule that could override the check_rcpt rule? I'm using 8.8.6.

Thanks.
7 REPLIES
Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

Uncomment the spam rulesets in sendmail.cf (they're marked - search for Spam).

It looks like you're missing check_relay/check_mail:

# The rules for supporting anti-spamming are check_mail, check_rcpt #
# and check_relay.
Craig Rants
Honored Contributor

Re: sendmail anti-relaying

Bob,
Upgrade to 8.9.3 and anti-relaying is automatic. You can then specify in the /etc/mail/relay-domains file which domains you want to relay if any.

Even thought the patch for 8.9.3 has been recalled by HP, I would still use it. The reason it was recalled was that if it had more than 3000 concurrent connections it would fail. I don't know about you but our company is large and we don't get that may at a time.

Good Luck,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Bob Davis
Occasional Advisor

Re: sendmail anti-relaying

The spam rulesets are uncommented, they're just not working. The same cf file blocks relaying on a test box. I can block users and domains, but the anti-relaying isn't working. It's as if the remove_local isn't working.
Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

I assume you stop/started sendmail?

If so, why don't you post a sanitized version of sendmail.cf so we can have a look.
someone_4
Honored Contributor

Re: sendmail anti-relaying

ok I just did this fix on 8.8.6.

Here is what you need to add and this will stop the relay.
Comment everything that you have for Scheck_rcpt and add this:

Scheck_rcpt
# first: get client addr
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok no client addr: directly invoked
R$={LocalIP}$* $| $* $@ ok from here
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*<@$+>$* $#error $@ 5.7.1 $: 550 we do not relay

Sremovelocal
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*<@$*>$* $: $>removelocal $1<@$2>$3

Also you can set up LocalIP and Local names dont forget to restart sendmail.
If you have problems post them. And make sure you back up your sendmail.cf file


someone_4
Honored Contributor

Re: sendmail anti-relaying

Ohh ..
I misread your post. DOOH! ..
to test a mail hack from
telnet to your server to port 25.

ip.add.of.server 25
you will get
Trying...
Connected to ip.add.of.server.
Escape character is '^]'.

and then you will have a promt
type
helo mail.com
and you will get a hello back.
Then type
mail from:
you will get
250 ... Sender ok

then type
rcpt to:<"yourname@domain.com"@[ip.of.mail.server]>
you will get
250 >... Recipient ok
type
data
you will get
354 Enter mail, end with "." on a line by itself

then type your message end with a .

test
.
250 PAA24408 Message accepted for delivery
quit


Or you can go to http://www.ordb.org/
but if you fail then you will be blacklisted.We were blacklisted and I aplied that fix retested and passed,
let me know if you get it.
Christopher Caldwell
Honored Contributor

Re: sendmail anti-relaying

BTW,
To test the anti-relaying ruleset on host A, you'll have to
1) be on host B that's not permitted to relay by hosta A
2) send a test e-mail that won't eventually get delivered to host A (i.e. host A would act as a relay).

If you're on host A (a.com), and you gen a message from someone@b.com to someone@c.com where neither b.com or c.com are considered local by host A, you won't trip the relay rulesets, since e-mail generated locally and delivered remotely won't be considered relayed, despite what envelope headers might indicate.