Best Way to Control Relaying?
Azher Amin
azher at niit.edu.pk
Fri Apr 20 06:23:42 IST 2007
Hi Nauman,
To force everyone for the Auth before sending email, try enabling
SMTP-AUTH with SASL and removing your local ip blocks from access.
-Azher Amin
Muhammad Nauman wrote:
> Is there Any Other Relay Controlling Mechanism in Sendmail, which can
> over ride the access file ?
>
> And What if i want to Force Sendmail to Authenticate Every User Before
> sending any mail , once you start your OUTLOOK .
>
> Like when you Exit you outlook and then login again and then try to
> send a new mail - it should again ask for AUTH.
>
> Any HELP !!!
>
>
> Thanks and Regards,
>
> M.Nauman Habib
> Network Engineer
>
> ----- Original Message -----
> *From:* Muhammad Nauman <mailto:nauman at worldcall.net.pk>
> *To:* MailScanner discussion
> <mailto:mailscanner at lists.mailscanner.info>
> *Sent:* Thursday, April 19, 2007 4:11 PM
> *Subject:* Re: Best Way to Control Relaying?
>
> Nopz, it the same from 4 difference machines and i have no
> whitelisted machine , just configured MailScanner-4.58.9-1
> and Sendmail 8.14.1
>
> Thanks and Regards,
>
> M.Nauman Habib
> Network Engineer
>
> ----- Original Message -----
> *From:* Arthur Sherman <mailto:arturs at netvision.net.il>
> *To:* 'MailScanner discussion'
> <mailto:mailscanner at lists.mailscanner.info>
> *Sent:* Thursday, April 19, 2007 3:53 PM
> *Subject:* RE: Best Way to Control Relaying?
>
> could it be that you connect from whitelisted machine?
>
>
> Best,
>
> --
> Arthur
>
>
>
> ------------------------------------------------------------------------
> *From:* mailscanner-bounces at lists.mailscanner.info
> <mailto:mailscanner-bounces at lists.mailscanner.info>
> [mailto:mailscanner-bounces at lists.mailscanner.info] *On
> Behalf Of *Muhammad Nauman
> *Sent:* Thursday, April 19, 2007 1:42 PM
> *To:* MailScanner discussion
> *Subject:* Best Way to Control Relaying?
>
>
> Best Way to Control Relaying?
>
> ------------------------------------------------------------------------
>
> Hi all,
>
> Despite having this in my access file
>
> # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
> # package.
> #
> # by default we allow relaying from localhost...
> localhost.localdomain RELAY
> localhost RELAY
> AUTH : OK
> * : REJECT
>
> # makemap hash /etc/mail/access.db < /etc/mail/access
>
> and i can clearly see the my sendmail is compiled with AUTH options - As i telnet from another machine
>
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 15000000
> 250-AUTH LOGIN PLAIN
> 250-DELIVERBY
> 250 HELP
>
> Its still Not blocking the mail
>
> 250 HELP
> Mail from:*MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
> 250 2.1.0 *MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com... <http://lists.mailscanner.info/mailman/listinfo/mailscanner> Sender ok
> RCPT to:*MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
> 250 2.1.5 *MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com... <http://lists.mailscanner.info/mailman/listinfo/mailscanner> Recipient ok
>
> Any idea to why is it still acting like this - where it should not !!
>
> My Sendmail is Compiled with these options as in devtools/Site/site
>
> ##############################################################
>
> APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
> APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
> dnl SASL2
> APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
> APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
> APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl')
> APPENDDEF(`confINCDIRS', `-I/usr/local/include')
> dnl BERKELEY DB
> APPENDDEF(`confMAPDEF', `-DNEWDB')
>
> #################################################################
>
> my Sendmail.mc is :
>
> ----------------------------------------------------------------
>
> divert(-1)dnl
>
> divert(0)dnl
> VERSIONID(`Custom Linux config by Douglas Hunley /doug at hunley.homeip.net/ ')
> OSTYPE(linux)dnl
> DOMAIN(generic)dnl
> undefine(`UUCP_RELAY')dnl
> FEATURE(nouucp, `reject')dnl
> FEATURE(`delay_checks')dnl
> undefine(`BITNET_RELAY')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> define(`confDEF_CHAR_SET', `iso-8859-1')dnl
> define(`confMAX_MESSAGE_SIZE', `25000000')dnl Denial of Service Attacks
> define(`confMAX_DAEMON_CHILDREN', `100')dnl Denial of Service Attacks
> define(`confCONNECTION_RATE_THROTTLE', `9')dnl Denial of Service Attacks
> define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
> define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
> define(`confSMTP_LOGIN_MSG', `$j')dnl
> define(`confDONT_PROBE_INTERFACES', `True')dnl
> define(`confTO_INITIAL', `6m')dnl
> define(`confTO_CONNECT', `20s')dnl
> define(`confTO_HELO', `5m')dnl
> define(`confTO_HOSTSTATUS', `2m')dnl
> define(`confTO_DATAINIT', `6m')dnl
> define(`confTO_DATABLOCK', `35m')dnl
> define(`confTO_DATAFINAL', `35m')dnl
> define(`confDIAL_DELAY', `20s')dnl
> define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
> define(`confALIAS_WAIT', `0')dnl
> define(`confMAX_HOP', `35')dnl
> define(`confQUEUE_LA', `5')dnl
> define(`confREFUSE_LA', `12')dnl
> define(`confSEPARATE_PROC', `False')dnl
> define(`confCON_EXPENSIVE', `true')dnl
> define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
> define(`confWORK_TIME_FACTOR', `3000')dnl
> define(`confQUEUE_SORT_ORDER', `Time')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
> FEATURE(`generics_entire_domain')dnl
> FEATURE(`local_procmail')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`nouucp',`reject')dnl
> FEATURE(`redirect')dnl
> FEATURE(`relay_entire_domain')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`virtuser_entire_domain')dnl
> FEATURE(access_db, `hash -T<TMPF> /etc/mail/access')dnl
> FEATURE(lookupdotdomain)dnl
> FEATURE(`blacklist_recipients')dnl
> FEATURE(`no_default_msa')dnl
> define(`confDONT_PROBE_INTERFACES', true)dnl
> define(`confBAD_RCPT_THROTTLE',`2')dnl
> define(`confTO_IDENT',`0')dnl
> define(`confSMTP_LOGIN_MSG',`')dnl
> define(`confMIN_FREE_BLOCKS', 4000)dnl
> define(`confMAX_DAEMON_CHILDREN', 100)dnl
> define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
> define(`STATUS_FILE', `/etc/mail/statistics')dnl
> FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,goaway,noreceipts,noexpn,novrfy,noetrn,needmailhelo,restrictmailq,restrictqrun,restrictexpand,nobodyreturn')dnl
> define(`HELP_FILE', `/dev/null')dnl
> FEATURE(smrsh, `/usr/sbin/smrsh')dnl
> FEATURE(ratecontrol)dnl
> FEATURE(conncontrol)dnl
> dnl FEATURE(`greet_pause',`3000')dnl
> FEATURE(`mailertable')dnl
> FEATURE(`always_add_domain')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`local_procmail')dnl
> MAILER(local)dnl
> MAILER(procmail)dnl
> MAILER(smtp)dnl
> ___________________________________________________________________________________________________________________
>
> I m Really Worried Beacause Even When i Empty my Access file and then Makemap hasth Access.db file it still allows mail as :
>
>
> >telnet 192.168.1.9 25
>
>
> 220 ESMTP
> ehlo qmail
> 250-worldcall.net.pk Hello noc.worldcall.net.pk [203.81.1] you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE 25000000
> 250-AUTH LOGIN PLAIN
> 250-DELIVERBY
> 250 HELP
> mail from:anyone at what.com
> 250 2.1.0 anyone at what.com <mailto:anyone at what.com>... Sender ok
> rcpt to:all at all.com
> 250 2.1.5 all at all.com <mailto:all at all.com>... Recipient ok
> data
>
> 354 Enter mail, end with "." on a line by itself
> .
>
> 354 Enter mail, end with "." on a line by itself
> 250 2.0.0 l3JFQaWT004671 Message accepted for delivery
>
> Please HELP !!
>
> Thanking in Advance.
>
> Nauman.
>
> ------------------------------------------------------------------------
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> ------------------------------------------------------------------------
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list