
Completely stopping open mail relay in HP-UX 10.20.

Tom Henning
Trusted Contributor

Here's the problem. I have been told to completely stop the open mail relay on my 10.20 system. I found directions on stopping this in HP-UX 10.20 and followed them. I then went to the prodigysolutions.com site that checks for an open mail relay and was told that addresses of the following forms are still being relayed:
"nobody@prodigysolutions.com"
"nobody%prodigysolutions.com" and
"nobody@prodigyssolutions.com"@waldtsvr.ksc.nasa.gov

The relevant sections of my /etc/mail/sendmail.cf file are:


## file containing names of machines which can use our relay
F{LocalNames} /etc/mail/LocalNames

## file containing names we relay to
F{RelayTo} /etc/mail/RelayTo

The file LocalNames contains the localhost and the local node names. The file RelayTo contains the local domain address.

Can anybody help me, please. I do assign points for answers.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
Tom Henning
Trusted Contributor

Re: Completely stopping open mail relay in HP-UX 10.20.

Oops, replying to my own message, but I knew I forgot something. The other parts of /etc/mail/sendmail.cf that apply are:

## BEGIN anti-spamming
#Scheck_mail
## no mails from spammers (user@dom.ain)
#R<$={Spammer}> $#error $@ 5.7.1 $: "571 You are banned, contact your local admin." go away
#R<$={Spammer}.> $#error $@ 5.7.1 $: "571 You are banned, contact your local admin." go away
#R$={Spammer} $#error $@ 5.7.1 $: "571 You are banned, contact your local admin." go away
#R$={Spammer}. $#error $@ 5.7.1 $: "571 You are banned, contact your local admin." go away
#R$* $: $>3 $1 canonify
#R$- $@ ok local host
## no spam domains
#R$*<@$*$={SpamDomains}.>$* $#error $@ 5.7.1 $: "571 This domain is banned." go away
#R$*<@$*$={SpamDomains}>$* $#error $@ 5.7.1 $: "571 This domain is banned." go away
## if you enable the last rule, you can disable this one.
## host without a . in the FQHN ?
#R$*<@$->$* $#error $@ 4.1.8 $: "418 invalid host name" no real name
## lookup IP address (reverse mapping available?)
## R$*<@[$+]>$* $: $1 < @ $[ [ $2 ] $] > $3
## no DNS entry? this is dangerous!
## R$*<@$*$~P>$* $#error $@ 4.1.8 $: 418 unresolvable host name $2$3, check your configuration.



Scheck_rcpt
# first: get client address
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok client_addr is 0 for sendmail -bs
R$={LocalIP}$* $| $* $@ ok from here
# next: get client name
R$* $| $+ $: $(dequote "" $&{client_name} $) $| $2
R $| $* $@ ok no client name: directly invoked
#R$- $| $* $@ ok for those without full DNS...
R$*$=w $| $* $@ ok from here
R$*$={LocalNames} $| $* $@ ok from allowed system
# now check other side
R$* $| $* $: $>3 $2
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
# remove local part (maybe repeatedly)
R$*<@$=w.>$* $>3 $1 $3
# still something left?
R$*<@$+>$* $#error $@ 5.7.1 $: 571 we do not relay



Scheck_relay
R$+ $| $={DeniedIP}$* $#error $@ 5.7.1 $: "no access from your IP address"
R$*$={DeniedNames} $| $* $#error $@ 5.7.1 $: "no access from your host"
# END anti-spamming

This is straight out of the newconfig sendmail.cf file, with the anti-spamming lines uncommented.

Hope this completes all of the information that will be required, and somebody can help me.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
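
Added example, not part of the original posts and not sendmail's rule engine: a simplified shell model of what a recipient check has to do with the three address forms listed in the first post, following the same order as the Scheck_rcpt rules above (peel off each layer that names a local domain, reject if a layer names anything else). Treating waldtsvr.ksc.nasa.gov as the only local name and the tom@ address are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: simplified model of an anti-relay recipient check.

# relay_decision ADDR LOCALDOMAIN...: print "accept" when every routing layer
# of ADDR names a listed domain, "reject" as soon as one layer does not.
relay_decision() {
    addr=$1; shift
    while :; do
        case $addr in
            \"*\") addr=${addr#\"}; addr=${addr%\"}; continue ;;  # unwrap quotes
            *@*)   domain=${addr##*@}; addr=${addr%@*} ;;        # user@host layer
            *%*)   domain=${addr##*%}; addr=${addr%[%]*} ;;      # user%host layer
            *)     echo accept; return 0 ;;                      # plain local user
        esac
        # domain names compare case-insensitively
        domain=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')
        known=no
        for d in "$@"; do
            if [ "$domain" = "$d" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo reject; return 1; fi
    done
}

# The three probe forms quoted in the thread, plus one constructed local address.
for probe in 'nobody@prodigysolutions.com' 'nobody%prodigysolutions.com' \
             '"nobody@prodigyssolutions.com"@waldtsvr.ksc.nasa.gov' \
             'tom@waldtsvr.ksc.nasa.gov'; do
    printf '%-55s %s\n' "$probe" \
        "$(relay_decision "$probe" waldtsvr.ksc.nasa.gov)"
done
```
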
someone_4
Honored Contributor

Re: Completely stopping open mail relay in HP-UX 10.20.

Hey Tom..
I'm not sure what your problem is there, but that seems like a handy website that you posted. I am testing my mailserver there myself. This is a project that I am also looking into. Where did you find the steps to stop relaying? The only place I found was sendmail.org. As far as your problem goes, what was the output you got from your first test? Did it show improvement? And did you stop and start sendmail after you made your changes?

Richard
Tom Henning
Trusted Contributor

Re: Completely stopping open mail relay in HP-UX 10.20.

Richard:
It does seem to be a handy web site for checking on an open mail relay. The output from my first test, which I ran after the changes made in the posting, showed that any relay test made with question marks seemed to be passed through. This is ungood.

Yes, I did stop and re-start sendmail after I made changes.


I do seem to have solved the problem though. A lot more checking at the response center's patching pages shows that they did release a patch to take a 10.20 system from sendmail 8.8.6 to 8.9.3. I did this and the open mail tests all came back negative, it works. I am waiting for my users to inform me of any other problems that crop up due to this change.

The patch number I found was: PHNE_22672.

One problem I have found with this so far is that sendmail now complains about world-writable directories:
$HOME/.forward
$HOME/.forward+
$HOME/.forward.
$HOME/.forward.+

This I have not yet dug into but will start looking into it shortly. Too early in the morning for this stuff.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
someone_4
Honored Contributor
Solution

Re: Completely stopping open mail relay in HP-UX 10.20.

No debugging needed there..
Here is a doc that is a problem I had a while back. I also listed other links if this does not fix it for you.

Richard

PROBLEM
In the SendMail application, the following errors occur even though
there is NO .forward file present:

db_map_lookup(Alias0, root)
root... forward: /.forward.[node]+: Group writable directory
root... forward: /.forward+: Group writable directory
root... forward: /.forward.[node]: Group writable directory
root... forward: /.forward: Group writable directory
root... Connecting to local...
root... Sent

How can these errors be eliminated?


CONFIGURATION
Operating System - HP-UX
Subsystem - SendMail

RESOLUTION
SendMail checks the $HOME directory - as defined in /etc/passwd - for
proper permissions PRIOR to checking for a .forward file. If the
$HOME directory has incorrect 'group writable' permissions, then the
error messages occur even though there is NO .forward file. For the
root account, these error messages appear regardless of whether the
$HOME location is defined in /etc/passwd as "/" or as "/home/root".

To avoid the error messages, change the permissions on root's $HOME
directory. Check /etc/passwd. Typically, it would be one of the
following:

# chmod 755 /

or

# chmod 755 /home/root

The following documents contain related information:

KBRC00000934, KBRC00003154

and are available at HP's IT Resource Center (ITRC):

http://www.itrc.hp.com


http://us-support.external.hp.com/cki/bin/doc.pl/sid=a137ea841a48a0dc0b/screen=ckiDisplayDocument?docId=200000049016507

http://us-support.external.hp.com/cki/bin/doc.pl/sid=8c40e8bd00dee0b798/screen=ckiDisplayDocument?docId=200000050592876

http://us-support.external.hp.com/cki/bin/doc.pl/sid=32c6648c1b3a8708f3/screen=ckiDisplayDocument?docId=200000049692426

http://us-support.external.hp.com/cki/bin/doc.pl/sid=32c6648c1b3a8708f3/screen=ckiDisplayDocument?docId=200000054799980







Tom Henning
Trusted Contributor

Re: Completely stopping open mail relay in HP-UX 10.20.

Almost the exact answer to the problem. It turns out that the forward file and user's home directory were set to non-world-writable, but the /home directory itself was set to 777 permissions. Not anymore, it isn't. Appears that sendmail checks the complete path to the .forward file, not just one level above.

Problem appears to be solved not.

Thanks again,
Richard.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
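
Added example, not part of the original posts: a shell check for the condition found above, where the home directory itself was fine but a parent directory (/home at 777) was not. It walks from each account's home directory up to a top directory and lists every group- or world-writable directory on the way; the function names and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: find group- or world-writable directories on the path to a
# user's .forward file.

# unsafe_dirs DIR [TOP]: print "MODE PATH" for each offending directory from
# DIR up to TOP (default /); return 1 if any was found, else 0.
unsafe_dirs() {
    dir=$1 top=${2:-/} found=0
    while :; do
        mode=$(ls -ld "$dir" 2>/dev/null | awk '{print $1}')
        case $mode in
            # 6th character is group write, 9th is world write
            d????w*|d???????w*) echo "$mode $dir"; found=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$found"
}

# check_homes PASSWD [TOP]: check the home directory (field 6) of every
# account in a passwd-format file; return 1 if anything was reported.
check_homes() {
    out=$(for home in $(awk -F: '$6 != "" {print $6}' "$1" | sort -u); do
              unsafe_dirs "$home" "${2:-/}" || :
          done | sort -u)
    if [ -n "$out" ]; then echo "$out"; return 1; fi
    return 0
}

# make_demo_tree: constructed sample reproducing the thread's situation, a
# 755 home directory underneath a 777 "home" parent. Prints the tree root.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/tom"
    chmod 755 "$root" "$root/home/tom"
    chmod 777 "$root/home"
    printf 'tom:*:101:20::%s/home/tom:/bin/sh\n' "$root" > "$root/passwd"
    echo "$root"
}

demo=$(make_demo_tree)
check_homes "$demo/passwd" "$demo" || echo "tighten the directories listed above"
rm -rf "$demo"
```

On a real system the call would be `check_homes /etc/passwd`, which walks every home directory all the way up to /.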
Tom Henning
Trusted Contributor

Re: Completely stopping open mail relay in HP-UX 10.20.

That will teach me to proofread before hitting submit.

The problem appears to be solved NOW! (not not).
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?