securing relay...

David Grecco david at GRECCOCONSULTING.COM
Tue Oct 4 00:33:30 IST 2005


JD,

I have the exact same setup.  Make sure you specify in the access table
of Sendmail (Spam Control if you are using Webmin) to only allow relay
from the IP of your Exchange Server (i.e. Connect:10.10.10.10	RELAY in
/etc/mail/access).  The IP will most likely be the Public IP of your
exchange server unless you are running a vpn tunnel or private
connection between the two (not a bad idea).  Also, make sure that on
your exchange server you only allow connections from the MailScanner
server.  

Hope this helps.  Feel free to contact me directly if you want me to
elaborate.

David Grecco

-----Original Message-----
From: owner-mailscanner at jiscmail.ac.uk
[mailto:owner-mailscanner at jiscmail.ac.uk] On Behalf Of JD Doelitzsch
Sent: Monday, October 03, 2005 4:53 PM
To: MailScanner mailing list
Subject: securing relay...

Hey guys,

Im not sure if this has to do with MailScanner or not, because its just
totally beyond me, maybe you can shed some light or point me in the
right
direction. The setup is MailScanner pushes to exchange via
Mailertable/sendmail. Access only has mydomain.com in it. When I telnet
to
the MS box relay-denied(good) when trying to send other than
mydomain.net as
far as i can tell, But when monitoring packets I see spam originating or
relaying from my MS server to the net. It's getting me blacklisted. What
kind of command lets people relay? thats the one thing i can't verify
when
looking through the packets. I would like the MSbox only to relay to my
exchange server and nowhere else. The only thing i can think or is to
put a
firewall on the MS box to only allow outgoing to my exchange box. What
would
be the forseeable results of that? is there a better way?

-JD

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by the GCS Mail Gateway,
and is believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by the GCS Mail Gateway,
and is believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list