[H-GEN] Sendmail and open relay

Tony Nugent tony at linuxworks.com.au
Sun Jul 27 23:02:20 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Mon Jul 28 2003 at 08:22, "Tony Melia (DMS)" wrote:

> I am running sendmail 8.12 in a redhat 7 box which is working great.  I
> configured it to reject mail using normal anti-spam rules.  However, I do

(I hope it is a recent version... unless patched, versions prior to
8.12.9 have security bugs/problems).

> have a need for some remote to send me mails to alert me on backups -
> however because these remote servers do not use DNS, sendmail rejects their
> mail since it fails reverse lookups.  Is it possible to configure a top

I admit that I am not aware of your particular situation, but with
an intranet situation it wouldn't be difficult to set up an internal
DNS to make this happen.  (bind 9 can do split-DNS using "views",
where it can give completely different sets of answers depending on
the src IP of the client making the query).

> level rule which says allow mail to be received from these hosts if the from
> address is allowmail at mydomain.com or something like that?? i.e. allow mail
> from a certain mail address regardless of the IP it comes from?  Most of
> these systems run MS exchange, so exchange's own SNMP engine sends me the
> mail.

If the domain (and/or IP) really doesn't resolve, and if you know
(and trust) the IPs (or networks) of the clients wanting email
relay, then you can put an entry into /etc/mail/access.  For
example, to allow relay from all hosts in the 192.168.12.0/24
network:

192.168.12.	RELAY

In /etc/mail/, do "makemap hash access < access" (or on a redhat box
simply run "make") to recreate aliases.db (nb: no need to restart
sendmail unless sendmail.cf is changed).  (btw, if you use some
routing tricks, eg with VPNs etc, then it would be possible to
assign known IPs to their src address to get relay in this manner).

But what you have is very similar to the situation where there are,
eg, roaming office-home-travelling dialup laptops in an organisation
that use only the organisation's mail server for all their outgoing
relay -- and not the smtp relay host normally provided by their
dialup ISP.

The way to make relay happen in this situation with their roaming
IPs is to configure the email client on the laptops to use login
(and ssl/tls) to authenticate to the server for outgoing SMTP relay.

On the sendmail side, you will need to configure it to allow
relay using an AUTH method.  For the gruesome details, see the
README in the sendmail-cf package about STARTTLS, AUTH_OPTIONS,
AUTH_MECHANISMS, TRUST_AUTH_OPTIONS and so on.  (Be warned that this
will lead you to using ssl/tls and requiring logon to the mail
server - I assume exchange can do this as a relay client, I know
outlook does).  http://www.sendmail.org/ has some useful
documentation about setting up all this with sendmail.

Have fun!

> Regards,
> TM

 [ ... snip snip on a really long, ugly, bandwidth-wasting, and
   totally unnecessary disclaimer ... ]

Cheers
Tony

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
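
An added example, not part of the original post and not sendmail's own code: a small Python check that lists which client addresses the RELAY entries of an access file cover, and flags entries that reach outside RFC 1918 space. The sample file contents, the function names and the simplified key matching (IPv4 prefixes on octet boundaries, optional Connect: tag, trailing dot tolerated) are assumptions for illustration.

```python
import ipaddress

# Constructed sample; only the 192.168.12. line appears in the post above.
SAMPLE_ACCESS = """\
# /etc/mail/access (constructed sample)
192.168.12.\tRELAY
Connect:10.1\tRELAY
203.0.113\tRELAY
spammer.example\tREJECT
localhost\tRELAY
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_networks(access_text):
    """Return the IPv4 networks whose access entry has the value RELAY."""
    nets = []
    for line in access_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue
        key = fields[0]
        if key.lower().startswith("connect:"):
            key = key[len("connect:"):]
        octets = key.rstrip(".").split(".")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        try:
            nets.append(ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets))))
        except ValueError:
            continue  # host or domain name key, not an IPv4 prefix
    return nets

def may_relay(client_ip, access_text):
    """True if client_ip falls inside any RELAY prefix."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in relay_networks(access_text))

def outside_rfc1918(access_text):
    """RELAY prefixes not contained in private address space."""
    return [str(n) for n in relay_networks(access_text)
            if not any(n.subnet_of(p) for p in RFC1918)]
```

Run it over the access file before rebuilding the map; anything `outside_rfc1918` returns is a prefix that grants relay to addresses not on a private network and deserves a second look.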
