[ale] sendmail-8.12.11-4.RHEL3.4 - How to close open relay

Ryan Fish FishR at bellsouth.net
Wed May 3 17:10:53 EDT 2006


This is the contents of the current access file:

localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
# This is internal production
192.168.3                       RELAY
# This is the corporate office even though pop-before-smtp should work
#216.91.89.130                  RELAY
# This is the VPN Connection between DC and the office
192.168.1                       RELAY
# This is the server's private ip address
10.18.62                        RELAY
# This is the public subnet for the primary web servers
209.XXX.XXX                     RELAY
# These are the public subnets for the server
#216                            RELAY
209.XXX.XXX                     RELAY



Sendmail.mc has the following in it:

dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
PLAIN')dnl

I honestly don't know that much about the config of sendmail so I can only
assume that having the "dnl" at the beginning of a line comments that option
out.  As long as mail from both POP3 users and an application running on
another server can still get through after making any changes I will
uncomment these lines, run "make -C /etc/mail" and restart sendmail.

Thank you.
-Ryan


-----Original Message-----
From: James P. Kinney III [mailto:jkinney at localnetsolutions.com] 
To: ale at ale.org
Sent: Wednesday, May 03, 2006 4:20 PM
To: Atlanta Linux Enthusiasts; FishR at bellsouth.net
Subject: Re: [ale] sendmail-8.12.11-4.RHEL3.4 - How to close open relay

Very bad situation.

access file:
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1                       RELAY


192.168.1 is the internal LAN net.

That will shut down relay except for user login from the outside. That
is configured in sendmail.mc with:

 define(`confAUTH_OPTIONS', `A')dnl
 TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
 define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl


Now this is not perfect either as the username and password are sent as
clear text. A better method is to use ssl certificates and TLS methods
which encrypt the authentication transaction. 

But for fast and quick, apply the access file above with your LAN
settings and add the sendmail.mc line above (they may be commented out),
run the make and restart sendmail. Make a backup copy of sendmail.mc
first.

When you are done, run a test using http://www.abuse.net/relay.html


On Wed, 2006-05-03 at 15:11 -0400, Ryan Fish wrote:
> Hello all,
> 
>  
> 
> I need to find a way to close an open relay on a RHEL3 ES box running
> sendmail-8.12.11-4.RHEL3.4.  Currently /etc/mail/access is in use as
> well as poprelay but I can still send to anyone as anyone via a Telnet
> connection.  Any clues on where to look/what to change will be greatly
> appreciated.
> 
>  
> 
> Thank you.
> 
> -Ryan
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7





More information about the Ale mailing list