[lug] linuxconf and sendmail config

D. Stimits stimits at idcomm.com
Mon Oct 8 17:03:07 MDT 2001 

"Scott A. Herod" wrote:
> 
> > D. Stimits wrote:
> >
> > Scott Herod wrote:
> > >
> > > I just learned that it was possible to relay mail through
> > > my sendmail daemon despite my telling linuxconf that there
> > > were no valid relay hosts and clients.  This is with
> > > sendmail 8.9.3 which should not do relay by default.  I'm
> > > now trying to configure sendmail using sendmail.mc and
> > > the m4 configuration tool.  Some links that I've discovered
> > > are:
> > >
> > > http://ordb.org/faq/#how_to_close
> > >
> > > http://www.sendmail.org/m4/anti-spam.html
> > >
> > > Can someone suggest a link to a site that will test you
> > > without blacklisting you if you fail ( like ordb.org does )?
> > >
> >
> > Did you ever find a site that can test? I'm also curious how you tested
> > originally, or if it was just an article mentioning the possibility. I,
> > for one, have my sendmail's port closed to all outside sources, but I'd
> > still like to double-check it.
> >
> > D. Stimits, stimits at idcomm.com
> 
> It seems that the best site for testing is http://orbz.org/ .
> I think that they do still black-list you if you fail but
> they also check other blacklisting sites so that if you get
> on multiple lists you can find out without having to wait for
> bounce messages.
> 
> The way I found out was to get caught.  I'm annoyed that linuxconf
> continued to tell me that I had no valid relay clients.  I also
> checked to see whether the box had been compromised but could find
> no evidence of that.  ( I'm gad that linuxconf is now gone.  Broken
> sysadmin tools are worse than no tools. )

This is serious enough that it should go to redhat's bugzilla. I don't
use linuxconf for much of anything, though I keep it active locally
(definitely has all its web interface cut out).

Can somebody here tell me if there is a simple way to test for mail
relay from another ip address, via something like telnet to port 25? Is
there a simple command line I could use? If so, we could arrange to help
test each other's machine in private. My saving grace here, even if
sendmail is lying and doing relay, is that it is completely blocked to
everywhere but the one ip from my ISP.

> 
> ( Now if only I could find plumbing parts that even McGuckin's doesn't
> carry.)

Shopping at McGuckin's is like shopping at NASA. There isn't much they
don't sell. There was a time that they even sold rare SCSI cables and
terminators. Are you looking for a dodeca-icosahedral widget valve?

D. Stimits, stimits at idcomm.com

> 
> Scott
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list