
Limiting who sendmail Relays TO

 
Richard Taft
Occasional Contributor


I have two SMTP gateways set up outside my firewall. I want to configure them so that they accept mail FROM: anyone, but who the mail is TO: is limited to a couple of IP addresses. If an attempt is made to relay to any other host, then the relay is rejected. I have tried many configurations with sendmail.cf and have used the M4 compiler to try and create the sendmail.cf. Here is the input to the compile.


divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.11 1999/02/07 07:26:02 gshapiro Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`confLOG_LEVEL',`10')dnl
define(`confDOMAIN_NAME',`$w.mydomain')dnl
define(`SMART_HOST',`internalgateway.com')dnl
define(`MAIL_HUB',` internalgateway.com')dnl
define(`MASQUERADE_NAME',` internalgateway.com')dnl
define(`confMAILER_NAME',`smtp@mydomain.com')
FEATURE(accept_unresolvable_domains)
FEATURE(always_add_domain)dnl
FEATURE(access_db)dnl
FEATURE(`delay_checks')dnl
MAILER(local)dnl
MAILER(smtp)dnl

Here are the contents of the access DB

to:mydomain.com relay
connect:smtphost.com relay
to:anotherdomain.com relay
connect:anotherdomain.com relay

Everything is working fine with the exception of relay attempts to addresses outside of mydomain.com. It just relays them too. What I am attempting to set up is a closed or private relay hub.

Rich Taft
Sometimes you're the windshield, sometimes you're the bug
Ron Kinner
Honored Contributor

Re: Limiting who sendmail Relays TO

Have you tried:

http://www.sendmail.org/~ca/email/chk-dbg.html#ACCESS

Also, just for security's sake, you should be running 8.12.8

http://www.sendmail.org

Ron

Steven E. Protter
Exalted Contributor

Re: Limiting who sendmail Relays TO

from my /etc/mail/access file

localhost RELAY
Sabra2564i86@yahoo.com 550 Spam reject. We charge $500/spam message.


You can reject mail from any domain you wish. Then you have to rebuild the hash databases, start and stop sendmail and you're good to go.

Here is a Linux script that rebuilds the hash databases and starts and stops the server. You'll need to adapt it for HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Richard Taft
Occasional Contributor

Re: Limiting who sendmail Relays TO

I do understand that I can reject individual senders; what I'm looking to do is reject any attempt, no matter who the mail is from, to relay e-mail to any receiver outside of my domain. This will prevent spammers from using my SMTP relay as a device to send out spam (also called an open relay).
Sometimes you're the windshield, sometimes you're the bug
Seth Parker
Trusted Contributor

Re: Limiting who sendmail Relays TO

Rich,

Steven pointed out something: check to make sure your access.db file is more recent than your access file. If it's not, the map being used by sendmail may not be the same as what's in the /etc/mail/access file.

In our config, I just added the names or addresses of all the internal computers that would need to send out messages through the server. The access file just has a list of those hosts with the RELAY option at the end. Everything else should be dropped by default (according to the docs).

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
internal.mail.server RELAY
internal.mail.server2 RELAY
192.168.1.40 RELAY
192.168.1.160 RELAY

I've got a question: why do you have the smart host pointing to your internal gateway? If these servers are outside the firewall, aren't they the smart hosts?

Good luck!
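
An added example (not part of the post above or of the thread): a POSIX shell check that lists which access entries grant relaying and on what basis, and reports whether the compiled map is older than its source. The function names, temporary paths and sample entries are constructed for illustration; with `DATABASE_MAP_TYPE` set to `dbm`, as in the .mc file in the question, the compiled files are access.pag and access.dir rather than access.db.

```sh
#!/bin/sh
# Added example: audit a sendmail access source file and its compiled map.

# Print "<scope> <key>" for every entry whose value is RELAY.
relay_grants() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        toupper($2) != "RELAY" { next }      # keep only relay grants
        {
            key = $1; tag = ""
            if (match(key, /^[A-Za-z]+:/)) { # leading Tag:, e.g. To: or Connect:
                tag = tolower(substr(key, 1, RLENGTH - 1))
                key = substr(key, RLENGTH + 1)
            }
            if (tag == "to")           scope = "recipient"
            else if (tag == "connect") scope = "client"
            else if (tag == "from")    scope = "sender"
            else if (tag == "")        scope = "untagged"   # applies to every lookup type
            else                       scope = "other"
            print scope, key
        }' "$1"
}

# Print missing, stale or fresh for the compiled map next to source file $1.
# Looks for hash/btree (.db) and dbm (.pag, .dir) files.
map_state() {
    src=$1; found=0
    for ext in db pag dir; do
        [ -f "$src.$ext" ] || continue
        found=1
        # find -newer prints the source only if it was modified after the map
        if [ -n "$(find "$src" -newer "$src.$ext")" ]; then
            echo stale; return 0
        fi
    done
    if [ "$found" -eq 1 ]; then echo fresh; else echo missing; fi
}

# Constructed sample modelled on the entries quoted in this thread.
demo=$(mktemp -d)
cat > "$demo/access" <<'EOF'
to:mydomain.com relay
connect:smtphost.com relay
localhost RELAY
spammer@example.com 550 rejected
EOF
relay_grants "$demo/access"
map_state "$demo/access"
rm -rf "$demo"
```

Only the recipient lines limit relaying by destination; a client or untagged line also lets the listed host relay to any destination.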
Richard Taft
Occasional Contributor

Re: Limiting who sendmail Relays TO

This is an inbound only mail relay. Our internal servers handle MX resolution on outbound mail.

These servers have two purposes: 1) to act as buffers to our internal mail system and 2) to hide the e-mail conduit through the firewall. So what I need to do is configure these servers to only relay mail that is TO: someone@ourdomain.com and reject everything else.
Sometimes you're the windshield, sometimes you're the bug
Seth Parker
Trusted Contributor

Re: Limiting who sendmail Relays TO

Rich,

If it's incoming only, you shouldn't need a smart host, just a mail hub. Do you have the server's FQDN set in the /etc/hosts file in addition to the short name?

Something else to try would be to put the mail hub's short and FQDN names in sendmail.cw (if you're using it). That seems like a long-shot though...

What version of sendmail is this? If it's before 8.9 (which it doesn't look like it is), it'll relay by default.

Sorry, but I'm running out of ideas.

Good luck!