HPE Community
Operating System - Linux
1827883 Members
1319 Online
109969 Solutions
New Discussion

Re: sendmail

 
Marco_113
Frequent Advisor

‎01-31-2006 08:41 PM

‎01-31-2006 08:41 PM

sendmail

Hi all,
i've a problem with my mail server sendmail (8.12 ).
If i connetct from Internet to my mailserver on port 25, i can send mail to my domain users using any kind af name, also if the name of the sender does not exist.
It's not a relay problem because i can send mail only to users of my domain otherwise i'get relay denied.
How can i fix the problem,
Thanks in advace
0 Kudos
Reply
15 REPLIES 15
Vitaly Karasik_1
Honored Contributor

‎01-31-2006 11:26 PM

‎01-31-2006 11:26 PM

Re: sendmail

It's known problem and AFAIK there is no way to prevent such fake emails using standart sendmail configuration tools.

This http://www.saas.nsw.edu.au/solutions/dns.html may help you.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-01-2006 12:49 AM

‎02-01-2006 12:49 AM

Re: sendmail

Shalom Marco,

1) Hi Vitaly.
2) This is done to prevent your machine from relaying spam email. You need to connect to a valid email server to send smtp traffic. Your ISP or firewal admin should provide this.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Marco_113
Frequent Advisor

‎02-01-2006 01:01 AM

‎02-01-2006 01:01 AM

Re: sendmail

Thanks guys,
may be i ve not explained well.
I connect with telnet on port 25 to my mailserver and try to send mail:

MAIL FROM:aaaa@anydomain.com
RCPT TO: user@mydomain.com
DATA: text of the mail

where anydomain is any valid domain
mydomain is my domain

This mail is sent correctly to user@mydomain.com

How can avoid this?
Thanks
0 Kudos
Reply
Bill Thorsteinson
Honored Contributor

‎02-01-2006 02:12 AM

‎02-01-2006 02:12 AM

Re: sendmail

This is normal functionality. Without it
SMTP relaying of any sort wouldn't work.

It is also required for tools such as
fetchmail which fetch mail from remote servers
for delivery to local users.

From address can be any valid address.
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎02-01-2006 05:42 AM

‎02-01-2006 05:42 AM

Re: sendmail

Marco and All,
As far as I understand, you don't like the fact that someone from Microsoft (Bill Gates, for example) can send you email with From address = linus_torvalds@superlinux.com.

I don't like it too :-)

Please read my previous post with link to article which discuss this issue.
Again - AFAIK, for some reasons sendmail doesn't provide us with tools for preventing such fake email.
0 Kudos
Reply
dirk dierickx
Honored Contributor

‎02-01-2006 06:43 PM

‎02-01-2006 06:43 PM

Re: sendmail

there is nothing keeping you from writing a filter (in perl or others) that blocks mails being send from non-existing usernames.
0 Kudos
Reply
Bejoy C Alias
Respected Contributor

‎02-05-2006 05:28 PM

‎02-05-2006 05:28 PM

Re: sendmail

Dear Marco,
I think u r asking about howto prevent the from address being an invalid address. You can define rules in ur sendmail config files to check whether the sender address domain has valid domain address. This will increase ur domain lookup traffic and it may some times block even valid domain addresses if ur domain server is down . But there is no way to check whether the username of the from address is valid or not. So it is better to leave as it is.
Be Always Joy ......
0 Kudos
Reply
Marco_113
Frequent Advisor

‎02-05-2006 07:26 PM

‎02-05-2006 07:26 PM

Re: sendmail

Thanks everybody
0 Kudos
Reply
Marco_113
Frequent Advisor

‎02-12-2006 08:42 PM

‎02-12-2006 08:42 PM

Re: sendmail

Hi guys,
what can you tell me about smpt-auth??
Thanks
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎02-12-2006 09:18 PM

‎02-12-2006 09:18 PM

Re: sendmail

Marco, you can read about smpt-auth here:

http://www.sendmail.org/~ca/email/auth.html SMTP AUTH in sendmail 8.10-8.13

But smpt-auth cannot help in your case.
It works mostly for ISP that want to allow to send email (== to relay) only to their customers.
Rgds,
Vitaly
0 Kudos
Reply
Marco_113
Frequent Advisor

‎02-13-2006 12:59 AM

‎02-13-2006 12:59 AM

Re: sendmail

Excuse me,
let me do an example.
My domain is mydomain.com
My mail server is smtp.mydomain.com

I implement smtp-auth on my server to authenticate mydomain.com users.

One client, say user@otherdomain.com (with otherdomain existent,) wants to send an email to users@mydomain.com.

So, user@otherdomain.com is able to send the email or has problems and must be aythenticated by my mail server??
Thanks

0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎02-13-2006 06:20 AM

‎02-13-2006 06:20 AM

Re: sendmail

Nice example!
Your SMTP server for yourdomain.com should allow to everyone around the world to send email to user@yourdomain.com. And this may be your customer, let's say gooduser@goodcompany.com, and this person may be a spammer, spammer@spamdomain.com.
As we discussed, there is no simple way to prevent a spammer to send email with faked "from" address, e.g. a spammer can use gooduser@gooddomain.com even if he/she isn't from this domain.

And what smtp-auth knows to do?
Let's speak about users from yourdomain.com.
When these users work from your local company network, you (== your mail server) have no problem to understand that there are legal users. But when your users work from Internet, how can you understand that this is legal user?! Here smtp-auth will alllow you to differentiate between "all internet users" and "internet users that have account at yourcompany.com"
0 Kudos
Reply
Bejoy C Alias
Respected Contributor

‎02-14-2006 02:38 PM

‎02-14-2006 02:38 PM

Re: sendmail

---continuation to vitaly------
and because this smtp-auth allows u to identify authenticated users , u can use this to allow relaying for theses users to any doamin, i.e. users who all r authenticated will be allowed to send mails to any other domain through ur mail server. this is the method used by most of the ISPs
Be Always Joy ......
0 Kudos
Reply
Vincent Fleming
Honored Contributor

‎02-15-2006 04:25 AM

‎02-15-2006 04:25 AM

Re: sendmail

You really can't stop sendmail from forwarding such email, HOWEVER...

There's lots you can do to stop spam.

Spamassassin works pretty well... (http://spamassassin.apache.org/), and it's free, of course. I use it heavily with the spamass-milter interface.

I also use a couple of blacklists... put this in your sendmail.mc to enable them:

FEATURE(`dnsbl',`combined.njabl.org',`550 5.7.1 Access denied - Mail from $&{client_addr} refused - see http://njabl.org/lookup?$&{client_addr}')
dnl FEATURE(`dnsbl', `dnsbl.sorbs.net', `"554 Mail from " $`'&{client_addr} " refused - see http://www.us.sorbs.net"')
FEATURE(`dnsbl', `dnsbl.sorbs.net', `550 5.7.1 Access denied - Mail from $&{client_addr} refused - see http://www.sorbs.net/lookup.shtml?$&{client_addr}')
FEATURE(`dnsbl', `bl.spamcop.net', `550 5.7.1 Access denied - Mail from $&{client_addr} refused - see http://spamcop.net/bl.shtml')

I also use ClamAV antivirus software (http://www.clamav.net/), which integrates nicely with sendmail via a milter.


Good luck,

Vince
No matter where you go, there you are.
0 Kudos
Reply
Vincent Fleming
Honored Contributor

‎02-15-2006 04:33 AM

‎02-15-2006 04:33 AM

Re: sendmail

Oh - one more thing - I use /etc/mail/access rather heavily - I have about 1000 lines in there.

Since this is my home email server I'm talking about, I simply reject anything from and two-letter domain postfix - ie: domain.tw (taiwan), domain.com.de

I wrote a simple shell script to add these lines:

info ERROR:5.7.1:550 Access denied - \.info domains not allowed
aa ERROR:5.7.1:550 Access denied - \.aa domains not allowed
ab ERROR:5.7.1:550 Access denied - \.ab domains not allowed

I also looked up Class A networks to ignore - for example, I don't know anybody in AsiaPAC, so I reject anything on the 58.0.0.0 59.0.0.0 (among others) networks.

Doing this has SIGNIFICANTLY reduced my spam, as shown in my (somewhat modified) logwatch output:

Blocked via /etc/access by Region:
AP: 185 Time(s)
EMEA: 88 Time(s)
LA: 20 Time(s)

Total: 293
Domain Rejection Totals:
.ar: 1 Times(s)
.at: 2 Times(s)
.au: 1 Times(s)
.br: 4 Times(s)
.ch: 2 Times(s)
.cl: 1 Times(s)
.co: 10 Times(s)
.cy: 1 Times(s)
.de: 5 Times(s)
.es: 1 Times(s)
.fr: 13 Times(s)
.hu: 10 Times(s)
.il: 1 Times(s)
.it: 4 Times(s)
.jp: 3 Times(s)
.mx: 21 Times(s)
.nl: 6 Times(s)
.pl: 5 Times(s)
.sk: 1 Times(s)
.uk: 11 Times(s)

Total: 103
BlackHole Totals:
njabl.org: 112 Time(s)
spamcop.net: 15 Time(s)
www.sorbs.net: 109 Time(s)

By the way - this output is from yesterday - only one day.

Regards,

Vince
No matter where you go, there you are.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.