OT Sendmail help on new sendmail/MS/SA install
Alex Neuman van der Hans
alex at nkpanama.com
Tue Jun 14 17:43:45 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Although the advice by other listmembers is extremely thorough, you only
need a few things in order to have SMTP AUTH working out-of-the-box on
CentOS/RH/FC or whatever other distro...
1. Have saslauthd running
2. Have the following on /etc/mail/sendmail.mc:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
3. Make sure you don't have any entries on your "/etc/mail/access" that
allow relaying, period. That way only authorized users will relay.
Yeah, I know what everyone's going to say... No support for "safe" AUTH
like CRAM-MD5 or DIGEST-MD5, "he should use SSL", etc. - But at least
it'll get him started, right?
In any case, try not to have users with easily guessable passwords. One
trick spammers are using lately is to use servers set up for AUTH to
relay their crap, using usernames like "admin/admin" or
"joeuser/password" or "joeuser/12345" and getting away with it.
Good luck...
DNSAdmin wrote:
> Hello All,
>
> I am already knee-deep into a new server that is implementing
> sendmail. Yes, I know I will get an earful of "not the appropriate
> list" or "you should really try/use QMail or Postfix." I don't know
> where else I could get an expert answer to this.
>
> I have a fresh MailScanner, SpamAssassin, Sendmail install on CentOS
> 3.4 (equivalent to RedHat 3.0 ES). I just cannot seem to put all the
> pieces of SMTP_AUTH together. I have a server that will relay mail if
> you spoof one of my addresses. I used to use popb4smtp and qpopper on
> an older sendmail installation, but It seems they are quite old and
> outdated?
>
> I have hit the Search engines and the sendmail.org site. I have found
> all kinds of links that have pieces of the puzzle, but no one puts it
> all together in a simple, concise, do this, this and this, TEST and be
> happy. I have tried many of the pieces and still get no Relaying at
> all. However, I'm anticipating the state where I end up unacceptably
> insecure and a gaping gateway waiting for a SPAMMER to poke holes!
>
> Some examples of my reading thus far:
> http://www.sendmail.org/m4/anti_spam.html
> http://www.sendmail.org/~ca/email/auth.html
> http://www.sendmail.org/~ca/email/check.html
> http://www.sendmail.org/~ca/email/relayingdenied.html
> http://www.linux-sec.net/Mail/Sendmail/
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=589&forum=31&post_id=1967#forumpost1967
>
>
> So far this appears the most promising:
> http://www.sendmail.org/~ca/email/roaming.html
>
> Is it really that bad??? This does not appear to be simple. It looks
> like a good opportunity for me to wreck the server!
>
> Please! Links? Help? Am I suffering TMI?
>
> I am going to have all kinds of Windows Outlook, Mac Entourage,
> Eudora, Thunderbird users some of which who will not want to or
> understand how to authenticate over SSL. A few might. I will have
> roaming users. I will work on TLS/SSL after I get some sort of SMTP
> authentication working. It will have to be a plain old ISP-style mail
> server to start, but I need SMTP authentication!
>
> Thanks,
> Glenn Parsons
>
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list