OT sendmail question

[Scott Silva]

Furnish, Trever G spake the following on 11/29/2006 6:47 PM:
>  
> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Pentland G.
>> Sent: Wednesday, November 29, 2006 12:00 PM
>> To: MailScanner discussion
>> Subject: RE: OT sendmail question
> 
>> For you Trever, something simpler should suffice, I'd have to 
>> double check but the feature "relay_based_on_MX" would 
>> probably do it, or something like it, only allowing relaying 
>> for domains that you are an MX server for.
> 
> Doesn't relay_based_on_MX cause sendmail to relay for ***recipient***
> domains that it's listed as an MX for?  As in, "sure, I'll accept your
> message to bob at foo.com, because DNS says I'm an MX for foo.com"?
> 
> If so, that's not what I meant - I meant having the ability to reject an
> outgoing message FROM bob at foo.com because foo.com isn't one of my
> domains.  I hate when I see my internal relays being used to send a
> message to bob at foo.com FROM bob at foo.com, knowing that foo.com may very
> well reject the message because I'm not authorized to send mail from
> their domain.
> 
>> Gary
But your system should only relay for foo.com IF the messages come from one of
the IP addresses that are in foo.com. If the ip address resolves to
foobar.com, your system should say "no".
You need to check your system, especially your sendmail.mc and .cf files for
the proper settings. Your access file should only have relay lines for ip
addresses under your control. Relay lines for your domain name will cause
problems. Those should go into your relay-domains.


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!