Best Way to Control Relaying?
Arthur Sherman
arturs at netvision.net.il
Fri Apr 20 09:28:58 IST 2007
Nauman,
could you post your sendmail.mc so people get a better clue what is in it?
Please don't post in HTML - i've heard many people are frustrated by HTML in
mailing list, so they won't answer just because of it.
Best,
--
Arthur
_____
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Muhammad
Nauman
Sent: Friday, April 20, 2007 8:06 AM
To: MailScanner discussion
Subject: Re: Best Way to Control Relaying?
Is there Any Other Relay Controlling Mechanism in Sendmail, which can over
ride the access file ?
And What if i want to Force Sendmail to Authenticate Every User Before
sending any mail , once you start your OUTLOOK .
Like when you Exit you outlook and then login again and then try to send a
new mail - it should again ask for AUTH.
Any HELP !!!
Thanks and Regards,
M.Nauman Habib
Network Engineer
----- Original Message -----
From: Muhammad Nauman <mailto:nauman at worldcall.net.pk>
To: MailScanner discussion <mailto:mailscanner at lists.mailscanner.info>
Sent: Thursday, April 19, 2007 4:11 PM
Subject: Re: Best Way to Control Relaying?
Nopz, it the same from 4 difference machines and i have no whitelisted
machine , just configured MailScanner-4.58.9-1
and Sendmail 8.14.1
Thanks and Regards,
M.Nauman Habib
Network Engineer
----- Original Message -----
From: Arthur Sherman <mailto:arturs at netvision.net.il>
To: 'MailScanner <mailto:mailscanner at lists.mailscanner.info> discussion'
Sent: Thursday, April 19, 2007 3:53 PM
Subject: RE: Best Way to Control Relaying?
could it be that you connect from whitelisted machine?
Best,
--
Arthur
_____
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Muhammad
Nauman
Sent: Thursday, April 19, 2007 1:42 PM
To: MailScanner discussion
Subject: Best Way to Control Relaying?
Best Way to Control Relaying?
_____
Hi all,
Despite having this in my access file
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
AUTH : OK
* : REJECT
# makemap hash /etc/mail/access.db < /etc/mail/access
and i can clearly see the my sendmail is compiled with AUTH options - As i
telnet from another machine
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
Its still Not blocking the mail
250 HELP
Mail from:no at no.com
<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
250 2.1.0 no at no.com...
<http://lists.mailscanner.info/mailman/listinfo/mailscanner> Sender ok
RCPT to:no at no.com
<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
250 2.1.5 no at no.com...
<http://lists.mailscanner.info/mailman/listinfo/mailscanner> Recipient ok
Any idea to why is it still acting like this - where it should not !!
My Sendmail is Compiled with these options as in devtools/Site/site
##############################################################
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
dnl SASL2
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl')
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
dnl BERKELEY DB
APPENDDEF(`confMAPDEF', `-DNEWDB')
#################################################################
my Sendmail.mc is :
----------------------------------------------------------------
divert(-1)dnl
divert(0)dnl
VERSIONID(`Custom Linux config by Douglas Hunley /doug at hunley.homeip.net/
')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
undefine(`UUCP_RELAY')dnl
FEATURE(nouucp, `reject')dnl
FEATURE(`delay_checks')dnl
undefine(`BITNET_RELAY')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `25000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `100')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `9')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl
FEATURE(access_db, `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
define(`confDONT_PROBE_INTERFACES', true)dnl
define(`confBAD_RCPT_THROTTLE',`2')dnl
define(`confTO_IDENT',`0')dnl
define(`confSMTP_LOGIN_MSG',`')dnl
define(`confMIN_FREE_BLOCKS', 4000)dnl
define(`confMAX_DAEMON_CHILDREN', 100)dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,goaway,noreceipts,noexpn,novrfy,noetrn,needmailhelo,restrictma
ilq,restrictqrun,restrictexpand,nobodyreturn')dnl
define(`HELP_FILE', `/dev/null')dnl
FEATURE(smrsh, `/usr/sbin/smrsh')dnl
FEATURE(ratecontrol)dnl
FEATURE(conncontrol)dnl
dnl FEATURE(`greet_pause',`3000')dnl
FEATURE(`mailertable')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`local_procmail')dnl
MAILER(local)dnl
MAILER(procmail)dnl
MAILER(smtp)dnl
____________________________________________________________________________
_______________________________________
I m Really Worried Beacause Even When i Empty my Access file and then
Makemap hasth Access.db file it still allows mail as :
>telnet 192.168.1.9 25
220 ESMTP
ehlo qmail
250-worldcall.net.pk Hello noc.worldcall.net.pk [203.81.1] you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 25000000
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
mail from:anyone at what.com
250 2.1.0 anyone at what.com... Sender ok
rcpt to:all at all.com
250 2.1.5 all at all.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
354 Enter mail, end with "." on a line by itself
250 2.0.0 l3JFQaWT004671 Message accepted for delivery
Please HELP !!
Thanking in Advance.
Nauman.
_____
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
_____
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070420/d127f30b/attachment-0001.html
More information about the MailScanner
mailing list