Best Way to Control Relaying?

Azher Amin azher at niit.edu.pk
Fri Apr 20 06:25:23 IST 2007


Further you can also configure SASL to authenticate from MYSQL for 
allowing SMTP-AUTH to everyone or not.

-Azher

Muhammad Nauman wrote:
> Is there Any Other Relay Controlling Mechanism in Sendmail, which can 
> over ride the access file ?
>  
> And What if i want to Force Sendmail to Authenticate Every User Before 
> sending any mail , once you start your OUTLOOK .
>  
> Like when you Exit you outlook and then login again and then try to 
> send a new mail - it should again ask for AUTH.
>  
> Any HELP !!!
>  
>  
> Thanks and Regards,
>  
> M.Nauman Habib
> Network Engineer
>
>     ----- Original Message -----
>     *From:* Muhammad Nauman <mailto:nauman at worldcall.net.pk>
>     *To:* MailScanner discussion
>     <mailto:mailscanner at lists.mailscanner.info>
>     *Sent:* Thursday, April 19, 2007 4:11 PM
>     *Subject:* Re: Best Way to Control Relaying?
>
>     Nopz, it the same from 4 difference machines and i have no
>     whitelisted machine , just configured MailScanner-4.58.9-1
>     and Sendmail 8.14.1
>      
>     Thanks and Regards,
>      
>     M.Nauman Habib
>     Network Engineer
>
>         ----- Original Message -----
>         *From:* Arthur Sherman <mailto:arturs at netvision.net.il>
>         *To:* 'MailScanner discussion'
>         <mailto:mailscanner at lists.mailscanner.info>
>         *Sent:* Thursday, April 19, 2007 3:53 PM
>         *Subject:* RE: Best Way to Control Relaying?
>
>         could it be that you connect from whitelisted machine?
>          
>
>         Best,
>
>         --
>         Arthur
>
>          
>
>             ------------------------------------------------------------------------
>             *From:* mailscanner-bounces at lists.mailscanner.info
>             <mailto:mailscanner-bounces at lists.mailscanner.info>
>             [mailto:mailscanner-bounces at lists.mailscanner.info] *On
>             Behalf Of *Muhammad Nauman
>             *Sent:* Thursday, April 19, 2007 1:42 PM
>             *To:* MailScanner discussion
>             *Subject:* Best Way to Control Relaying?
>
>
>               Best Way to Control Relaying?
>
>             ------------------------------------------------------------------------
>
>             Hi all,
>
>             Despite having this in my access file
>
>             # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
>             # package.
>             #
>             # by default we allow relaying from localhost...
>             localhost.localdomain           RELAY
>             localhost                       RELAY
>             AUTH    : OK
>             *       : REJECT
>
>             # makemap hash /etc/mail/access.db < /etc/mail/access
>
>             and i can clearly see the my sendmail is compiled with AUTH options - As i telnet from another machine
>
>             250-ENHANCEDSTATUSCODES
>             250-PIPELINING
>             250-8BITMIME
>             250-SIZE 15000000
>             250-AUTH LOGIN PLAIN
>             250-DELIVERBY
>             250 HELP
>
>             Its still Not blocking the mail 
>
>             250 HELP
>             Mail from:*MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>             250 2.1.0 *MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com... <http://lists.mailscanner.info/mailman/listinfo/mailscanner> Sender ok
>             RCPT to:*MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com <http://lists.mailscanner.info/mailman/listinfo/mailscanner>
>             250 2.1.5 *MailScanner has detected a possible fraud attempt from "lists.mailscanner.info" claiming to be* no at no.com... <http://lists.mailscanner.info/mailman/listinfo/mailscanner> Recipient ok
>
>             Any idea to why is it still acting like this - where it should not !!
>
>             My Sendmail is Compiled with these options as in devtools/Site/site
>
>             ##############################################################
>
>             APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
>             APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
>             dnl SASL2
>             APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
>             APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
>             APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl')
>             APPENDDEF(`confINCDIRS', `-I/usr/local/include')
>             dnl BERKELEY DB
>             APPENDDEF(`confMAPDEF', `-DNEWDB')
>
>             #################################################################
>
>             my Sendmail.mc is :
>
>             ----------------------------------------------------------------
>
>             divert(-1)dnl
>
>             divert(0)dnl
>             VERSIONID(`Custom Linux config by Douglas Hunley /doug at hunley.homeip.net/ ')
>             OSTYPE(linux)dnl
>             DOMAIN(generic)dnl
>             undefine(`UUCP_RELAY')dnl
>             FEATURE(nouucp, `reject')dnl
>             FEATURE(`delay_checks')dnl
>             undefine(`BITNET_RELAY')dnl
>             define(`confAUTH_OPTIONS', `A')dnl
>             define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
>             TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>             define(`confDEF_CHAR_SET', `iso-8859-1')dnl
>             define(`confMAX_MESSAGE_SIZE', `25000000')dnl Denial of Service Attacks
>             define(`confMAX_DAEMON_CHILDREN', `100')dnl Denial of Service Attacks
>             define(`confCONNECTION_RATE_THROTTLE', `9')dnl Denial of Service Attacks
>             define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
>             define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
>             define(`confSMTP_LOGIN_MSG', `$j')dnl
>             define(`confDONT_PROBE_INTERFACES', `True')dnl
>             define(`confTO_INITIAL', `6m')dnl
>             define(`confTO_CONNECT', `20s')dnl
>             define(`confTO_HELO', `5m')dnl
>             define(`confTO_HOSTSTATUS', `2m')dnl
>             define(`confTO_DATAINIT', `6m')dnl
>             define(`confTO_DATABLOCK', `35m')dnl
>             define(`confTO_DATAFINAL', `35m')dnl
>             define(`confDIAL_DELAY', `20s')dnl
>             define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
>             define(`confALIAS_WAIT', `0')dnl
>             define(`confMAX_HOP', `35')dnl
>             define(`confQUEUE_LA', `5')dnl
>             define(`confREFUSE_LA', `12')dnl
>             define(`confSEPARATE_PROC', `False')dnl
>             define(`confCON_EXPENSIVE', `true')dnl
>             define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
>             define(`confWORK_TIME_FACTOR', `3000')dnl
>             define(`confQUEUE_SORT_ORDER', `Time')dnl
>             define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
>             FEATURE(`generics_entire_domain')dnl
>             FEATURE(`local_procmail')dnl
>             FEATURE(`masquerade_envelope')dnl
>             FEATURE(`nouucp',`reject')dnl
>             FEATURE(`redirect')dnl
>             FEATURE(`relay_entire_domain')dnl
>             FEATURE(`use_cw_file')dnl
>             FEATURE(`virtuser_entire_domain')dnl
>             FEATURE(access_db, `hash -T<TMPF> /etc/mail/access')dnl
>             FEATURE(lookupdotdomain)dnl
>             FEATURE(`blacklist_recipients')dnl
>             FEATURE(`no_default_msa')dnl
>             define(`confDONT_PROBE_INTERFACES', true)dnl
>             define(`confBAD_RCPT_THROTTLE',`2')dnl
>             define(`confTO_IDENT',`0')dnl
>             define(`confSMTP_LOGIN_MSG',`')dnl
>             define(`confMIN_FREE_BLOCKS', 4000)dnl
>             define(`confMAX_DAEMON_CHILDREN', 100)dnl
>             define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
>             define(`STATUS_FILE', `/etc/mail/statistics')dnl
>             FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
>             define(`confPRIVACY_FLAGS', `authwarnings,goaway,noreceipts,noexpn,novrfy,noetrn,needmailhelo,restrictmailq,restrictqrun,restrictexpand,nobodyreturn')dnl
>             define(`HELP_FILE', `/dev/null')dnl
>             FEATURE(smrsh, `/usr/sbin/smrsh')dnl
>             FEATURE(ratecontrol)dnl
>             FEATURE(conncontrol)dnl
>             dnl FEATURE(`greet_pause',`3000')dnl
>             FEATURE(`mailertable')dnl
>             FEATURE(`always_add_domain')dnl
>             FEATURE(`use_cw_file')dnl
>             FEATURE(`local_procmail')dnl
>             MAILER(local)dnl
>             MAILER(procmail)dnl
>             MAILER(smtp)dnl
>             ___________________________________________________________________________________________________________________
>
>             I m Really Worried Beacause Even When i Empty my Access file and then Makemap hasth Access.db file it still allows mail as :
>                     
>
>             >telnet 192.168.1.9 25
>              
>
>             220  ESMTP
>             ehlo qmail
>             250-worldcall.net.pk Hello noc.worldcall.net.pk [203.81.1] you
>             250-ENHANCEDSTATUSCODES
>             250-PIPELINING
>             250-8BITMIME
>             250-SIZE 25000000
>             250-AUTH LOGIN PLAIN
>             250-DELIVERBY
>             250 HELP
>             mail from:anyone at what.com
>             250 2.1.0 anyone at what.com <mailto:anyone at what.com>... Sender ok
>             rcpt to:all at all.com
>             250 2.1.5 all at all.com <mailto:all at all.com>... Recipient ok
>             data
>
>             354 Enter mail, end with "." on a line by itself
>             .
>
>             354 Enter mail, end with "." on a line by itself
>             250 2.0.0 l3JFQaWT004671 Message accepted for delivery
>
>             Please HELP !!
>
>             Thanking in Advance.
>
>             Nauman.
>
>         ------------------------------------------------------------------------
>         -- 
>         MailScanner mailing list
>         mailscanner at lists.mailscanner.info
>         http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>         Before posting, read http://wiki.mailscanner.info/posting
>
>         Support MailScanner development - buy the book off the website!
>
>     ------------------------------------------------------------------------
>     -- 
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list