[H-GEN] Replacement?

Sarah Walters sbk98 at uow.edu.au
Tue Nov 5 02:26:01 EST 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Hi Tony,

> All that can be done.  (Using any MTA, not only sendmail).
> 
> But it will only work if all email is relayed through the 
> mail server on that box.  If you have any clients on a lan 
> behind you, then they will need to use it as the outgoing SMTP relay.

I figured that, and they do.

> With sendmail, you'll need to build an .mc config file to 
> include all the appropriate masquerading directives and 
> values, and perhaps set it up to use a genericstable file too 
> (to remap email addresses on local outgoing email).

This has been satisfactory:

FEATURE(always_add_domain)
FEATURE(use_cw_file)
MASQUERADE_AS(walters.homeunix.org)
FEATURE(masquerade_entire_domain)
FEATURE(masquerade_envelope)

> 
> > Some form of spam filtering - currently configured to use RBL and 
> > bounce domains that can't resolve. I would also like to be able to 
> > bounce mail that is obviously spam.
> 
> Oh, hang on.
> 
> You were talking about outgoing email, now you are dealing 
> with incoming email.  There is a difference between what 
> happens with incoming and outgoing mail.
> 
> Outgoing email always involves smtp (as the target port on 
> the destination server).
> 
> Incoming email (if not an MX host) involves collecting email 
> from one or more remote mailbox accounts, using pop or imap 
> (or their ssl equivalents).
> 
> How are you wanting to achieve this?
> 
> Does an MX record in the DNS for your domain point to your 
> public IP address?  (no, it is on an adsl service).
> 
> So you are collecting your email from somewhere, I assume 
> using a pop client.  This doesn't (directly) involve sendmail at all.

Err, actually, no. You don't need an MX as long as the name of 
your machine is the same as the domain mail is being sent to.
If you look up walters.homeunix.org, you'll get our server. So mail
to sarah at walters.homeunix.org will get to me without an MX.

> Oh hang on (again).  Forwarded on?  I assume that it is 
> forwarded on to another email account and not directly (via 
> smtp) to your home mail server.

Via SMTP :)

> Be careful of actually bouncing spam, especially if you are 
> doing it via pop.  You should not do it at all unless you are 
> a primary MX host for a domain -- in the end it achieves 
> little and will simply cause you headaches in the long term 
> with bounces to bounces and so on.
> 
> Simply accept the spam (you have already - how else did you 
> know it was spam?), then either throw it into /dev/null or 
> silently into some spammer mailbox out of the way.  Besides, 
> you don't want to accidently throw away any non-spam with no 
> way to retrieve it.  (But I do bounce spam on an MX host with 
> SA scores over 16 or so).
> 
> Same with viruses, they forge sender addresses so bouncing 
> them just doesn't work except to create noise, annoy and 
> potentially infect the innocent, and consume valuable 
> bandwith.  Throw them into /dev/null without reservation :-)

I intended to throw all this into /dev/null, not bounce it. But
you do make a very good point.

> If there is a way to close that spam-attracting email 
> address, do it :)

Not really. It's okay, I'll survive.

> > Needs to handle aliases and be specified a few domains to 
> relay (duh).
> 
> All smtp servers can do that :-)
> 
> But if you want to filter email that is being relayed 
> *through* your mail server (and not being delivered into 
> local mailboxes), then you will need to do filtering at the 
> smtp level, using mimedefang or some other sendmail milter 
> (I'm not sure what other MTAs are capable of).

Only mail I'm relaying is from our workstations to the outside
world, and I'm fairly confident that my husband isn't going to
spam me :)

> > Don't give a damn about the mailbox format, as long as there is an 
> > IMAP server that can read it. Currently using imap-uw, but 
> can survive 
> > if I have to switch.
> 
> Standard mailbox format would work well.  (wu-imap can also 
> do mbx format used by outrage excess, but you need to mess 
> with a lot of things to enable it, not recommended).
> 
> BTW, if you use imap then it is possible to use it to convert 
> email locked up in windows .pst files into standard mailbox 
> format simply by moving messages into IMAP mail folders.  Recommended.

What a brilliant idea!
 
> > Security is a major issue. Setuid binaries - especially 
> sitting on an 
> > open port ala older versions of sendmail - make me uncomfortable.
> 
> Security is an issue?  Then secure your name server so that 
> it does not answer queries to anyone not part of your local 
> network :-)
> 
> Sendmail 8.12.x (don't use anything earlier than 8.12.5) has 
> a new security model, for example it no longer runs for local 
> services as suid root, but sgid root - a new smmsp user now 
> exists to manage locally generated emails.

Yeah, that's what I'm using. Been a bit of a pain in the butt,
which is why I'm contemplating alternatives.

Besides, doesn't hurt to know what else is out there.

I might add that my problem with sendmail seems to be solved
this afternoon, and was an issue with a reverse lookup of localhost
giving the wrong information.

> There are lots of options to achieve what you want, just 
> think of how the mail flows around, and plug things in where 
> appropriate.
> Cheers
> Tony

Thanks Tony.

Sarah





--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list