[lug] linuxconf and sendmail config

Scott A. Herod herod at interact-tv.com
Wed Oct 17 12:51:04 MDT 2001


Below is what I ended up doing.  Note that this is on a box running
RedHat 6.2 and sendmail 8.9.3.

Look in /etc.  You should see sendmail.cf and sendmail.mc.  Since there
are probably only two people on the planet that understand the .cf file,
you'll edit the .mc file and process it with m4.  Because I want to
masquerade several IPs from my mail server and only relay those, I added
the following in my sendmail.mc file.  Yes, those are one back and one
forward quote.

MASQUERADE_AS(`my-domain.com')
MASQUERADE_DOMAIN(`my-domain.com')
FEATURE(`access_db')
FEATURE(`relay_hosts_only')

Use "m4 /etc/sendmail.mc > /etc/sendmail.cf" to create the sendmail.cf
file.
( Save the old one first! )

Next you need to list the machines allowed to relay.  I did that in 
/etc/mail/access by specifying the IPs and the fact that they were
allowed to relay.  I added lines like:

123.456.789.12		RELAY
123.456.789.13		RELAY
123.456.789.14		RELAY
123.456.789.15		RELAY

To create the database file run "make" or 
"makemap hash /etc/mail/access < /etc/mail/access"

Of course, someone spoofing their IP address will still be able to 
relay with what I've mentioned.  There probably still needs to be
an authentication step.

Scott

Greg Horne wrote:
> 
> How and where do I turn off mail relaying on my sendmail server?  Yes, it IS
> on right now.  Most sites tell me how to turn it on, but not off.  Help.
> 
> Greg
> 
> >From: Nate Duehr <nate at natetech.com>
> >Reply-To: lug at lug.boulder.co.us
> >To: lug at lug.boulder.co.us
> >Subject: Re: [lug] linuxconf and sendmail config
> >Date: Wed, 17 Oct 2001 01:23:38 -0600
> >
> >telnet mail-abuse.net
> >
> >On Mon, Oct 08, 2001 at 08:20:26AM -0600, Scott A. Herod wrote:
> > > > D. Stimits wrote:
> > > >
> > > > Scott Herod wrote:
> > > > >
> > > > > I just learned that it was possible to relay mail through
> > > > > my sendmail daemon despite my telling linuxconf that there
> > > > > were no valid relay hosts and clients.  This is with
> > > > > sendmail 8.9.3 which should not do relay by default.  I'm
> > > > > now trying to configure sendmail using sendmail.mc and
> > > > > the m4 configuration tool.  Some links that I've discovered
> > > > > are:
> > > > >
> > > > > http://ordb.org/faq/#how_to_close
> > > > >
> > > > > http://www.sendmail.org/m4/anti-spam.html
> > > > >
> > > > > Can someone suggest a link to a site that will test you
> > > > > without blacklisting you if you fail ( like ordb.org does )?
> > > > >
> > > >
> > > > Did you ever find a site that can test? I'm also curious how you tested
> > > > originally, or if it was just an article mentioning the possibility. I,
> > > > for one, have my sendmail's port closed to all outside sources, but I'd
> > > > still like to double-check it.
> > > >
> > > > D. Stimits, stimits at idcomm.com
> > >
> > > It seems that the best site for testing is http://orbz.org/ .
> > > I think that they do still black-list you if you fail but
> > > they also check other blacklisting sites so that if you get
> > > on multiple lists you can find out without having to wait for
> > > bounce messages.
> > >
> > > The way I found out was to get caught.  I'm annoyed that linuxconf
> > > continued to tell me that I had no valid relay clients.  I also
> > > checked to see whether the box had been compromised but could find
> > > no evidence of that.  ( I'm glad that linuxconf is now gone.  Broken
> > > sysadmin tools are worse than no tools. )
> > >
> > > ( Now if only I could find plumbing parts that even McGuckin's doesn't
> > > carry.)
> > >
> > > Scott
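
Added example, not part of any poster's message: a self-test for the relay question raised in this thread, run against your own sendmail host from a machine that is not listed as RELAY in /etc/mail/access. It stops after RCPT TO and never issues DATA, so nothing is queued; the two addresses are hypothetical placeholders, and the sender should be replaced with one whose domain resolves, since sendmail can refuse unresolvable sender domains at MAIL FROM.

```python
import smtplib
import sys

# Hypothetical placeholders. Neither domain may be one the server accepts
# mail for, otherwise RCPT TO is local delivery rather than relaying.
SENDER = "relay-test@outside.example"
RECIPIENT = "relay-test@elsewhere.example"


def relay_verdict(rcpt_code):
    """Classify the server's reply code to RCPT TO for a foreign recipient."""
    if rcpt_code in (250, 251):
        return "open"            # server agreed to forward to a foreign domain
    if 500 <= rcpt_code < 600:
        return "closed"          # e.g. sendmail's "550 Relaying denied"
    return "inconclusive"        # 4xx or anything else: retry later


def probe_relay(smtp, sender=SENDER, recipient=RECIPIENT):
    """Send MAIL FROM and RCPT TO on a connected session, then RSET.

    `smtp` is an smtplib.SMTP object (or anything with mail/rcpt/rset).
    """
    mail_code, _ = smtp.mail(sender)
    if not 200 <= mail_code < 300:
        smtp.rset()
        return "inconclusive"    # sender refused before relaying was decided
    rcpt_code, _ = smtp.rcpt(recipient)
    smtp.rset()                  # abandon the transaction, nothing is sent
    return relay_verdict(rcpt_code)


def check_host(host, port=25, timeout=15):
    """Connect to `host` and report 'open', 'closed' or 'inconclusive'."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return probe_relay(smtp)


if __name__ == "__main__":
    target = sys.argv[1]         # your own mail server's name or IP
    verdict = check_host(target)
    print(f"{target}: relay is {verdict}")
    sys.exit(0 if verdict == "closed" else 1)
```

Run from one of the addresses listed as RELAY, the same probe is expected to report "open" for that client, which confirms the access map took effect.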


