Subject: [suse-security] Problems with sendmail & relay
From: RoMaN SoFt / LLFB!! (roman madrid.com)
Date: Sat Nov 18 2000 - 10:47:39 CST
Hi.
I'm running SuSE 6.4 and need to run sendmail (host permanently
connected to Internet). By default, SM 8.9.3 comes with relay denied
for all. I want to set up an acceptably secure sendmail. The scenario is
as follows:
- the smtp (mta) is aaa.bbbb.com (where aaa & bbbb are fictitious). I
want relay denied by default but also want access granted for users
whose From: field is: *@bbbb.com and *@cccc.com (cccc.com being
another domain which is NOT local to the machine; bbbb.com is the
"local" domain, I mean, there is an MX record pointing to the mta's
IP). The problem is that my users can connect to the smtp machine
from *ANY* IP. So the relay filters could only trust the "From:"
line in the mail's header. I know this isn't very secure, since
spammers could send mail spoofing the From: field (which is trivial).
But it's more secure than a sendmail running with the "promiscuous relay"
feature turned on.
I'm new to sendmail so I need some help. I've read some docs at
www.sendmail.org and had a look at O'Reilly's sendmail book. But it's
still not working.
These are the attempts I've made:
1) Using Yast, I created an /etc/sendmail.cf. Then I personalized it a
little using Yast too and added the domains bbbb.com and ddd.bbbb.com
(which is an alias for aaa.bbbb.com). Afterwards I modified
/etc/mail/access and added:
cccc.com RELAY
Finally:
# makemap hash /etc/mail/access < /etc/mail/access
# /sbin/init.d/sendmail reload
(or killall -HUP sendmail)
The result is that now I can send to recipients like: user@cccc.com.
But this isn't the behaviour I want. What I want is that user@cccc.com
can send (not be sent to) to any other recipient (at whatever domain)
using my mta.
2) 2nd attempt: this time I edited /etc/mail/linux.mc and added a
line:
FEATURE(`relay_local_from')
Compiled using:
# m4 /etc/mail/linux.mc > /etc/sendmail.cf
And reload sendmail:
# /sbin/init.d/sendmail reload
(Access file kept intact).
The result apparently is the same. I cannot send to any arbitrary
domain from user@cccc.com.
I'm quite desperate. What am I missing?????
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
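Why the two attempts behave as described, as an added example that is not part of the original post: a simplified Python model of sendmail's relay checks. It assumes an access-map RELAY entry matches the recipient's domain or the connecting host, and that relay_local_from matches only envelope senders in a local (class w) domain; the client name and other.example are constructed.

```python
# Simplified model of sendmail's relay checks; an illustration, not sendmail code.
LOCAL = {"aaa.bbbb.com", "bbbb.com", "ddd.bbbb.com"}  # class w (local names)
ACCESS_RELAY = {"cccc.com"}                           # access map: cccc.com RELAY


def domain_of(address):
    """Domain part of an envelope address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def tagged_relay(name):
    """Access-map style lookup: the name itself or any parent domain."""
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in ACCESS_RELAY)


def relay_decision(client_host, mail_from, rcpt_to, features=()):
    """Return (allowed, reason) for one RCPT TO.

    mail_from is the SMTP envelope sender (MAIL FROM), which is what the
    relay features look at; the From: header is never consulted.
    """
    rcpt_dom, sender_dom = domain_of(rcpt_to), domain_of(mail_from)
    if rcpt_dom in LOCAL:
        return True, "local delivery, not a relay"
    if tagged_relay(rcpt_dom):
        return True, "recipient domain is tagged RELAY"
    if tagged_relay(client_host):
        return True, "connecting host is tagged RELAY"
    if "relay_local_from" in features and sender_dom in LOCAL:
        return True, "envelope sender claims a local domain"
    return False, "relaying denied"


if __name__ == "__main__":
    client = "dialup.isp.example"  # constructed: a user connecting from any IP
    cases = [
        ("attempt 1, to cccc.com", "user@cccc.com", "user@cccc.com", ()),
        ("attempt 1, from cccc.com", "user@cccc.com", "rcpt@other.example", ()),
        ("attempt 2, from cccc.com", "user@cccc.com", "rcpt@other.example",
         ("relay_local_from",)),
        ("attempt 2, from bbbb.com", "user@bbbb.com", "rcpt@other.example",
         ("relay_local_from",)),
    ]
    for label, sender, rcpt, feats in cases:
        print(label, "->", relay_decision(client, sender, rcpt, feats))
```

The last case is allowed for any client that supplies a bbbb.com envelope sender, which is the spoofing exposure the post mentions.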