[ale] sendmail-8.12.11-4.RHEL3.4 - How to close open relay

James P. Kinney III jkinney at localnetsolutions.com
Wed May 3 16:20:04 EDT 2006 

Very bad situation.

access file:
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1                       RELAY


192.168.1 is the internal LAN net.

That will shut down relay except for user login from the outside. That
is configured in sendmail.mc with:

 define(`confAUTH_OPTIONS', `A')dnl
 TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
 define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl


Now this is not perfect either as the username and password are sent as
clear text. A better method is to use ssl certificates and TLS methods
which encrypt the authentication transaction. 

But for fast and quick, apply the access file above with your LAN
settings and add the sendmail.mc line above (they may be commented out),
run the make and restart sendmail. Make a backup copy of sendmail.mc
first.

When you are done, run a test using http://www.abuse.net/relay.html


On Wed, 2006-05-03 at 15:11 -0400, Ryan Fish wrote:
> Hello all,
> 
>  
> 
> I need to find a way to close an open relay on a RHEL3 ES box running
> sendmail-8.12.11-4.RHEL3.4.  Currently /etc/mail/access is in use as
> well as poprelay but I can still send to anyone as anyone via a Telnet
> connection.  Any clues on where to look/what to change will be greatly
> appreciated.
> 
>  
> 
> Thank you.
> 
> -Ryan
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list