Thanks in advance!
-- Philippe Chaintreuil
> However, if someone sends mail from someone on my server to someone on
> my server, AUTH is not required apparently. (ie,
> news...@parallaxshift.com to ju...@parallaxshift.com does *not*
> require AUTH). Any ideas on how to fix this, so that anyone sending
> mail with a MAIL FROM: of my server has to go through AUTH?
That would certainly break things; how would crond||atd email the notice of
a scheduled task completion||failure?
Okay, so maybe localhost would get a free pass from the access.db or
something. My current problem is that people can spam me by faking mail
from my server, to my server. At this point, this is about 90% of my spam.
-- Philippe Chaintreuil
As far as I know, normally there is NO relation between MAIL FROM
and when AUTH is required.
Normally there is a relation between RCPT TO and when AUTH is required.
In other words, the config usually is 'require auth for relaying'.
/ Kari Hurtta
You mean allow mail from any us...@example.com to come in, but not mail
from one specific domain, us...@parallaxshift.com? So it would be harder
for your own users to send mail than for anyone else.
Probably doable with Local_check_mail. First check for any value of
$&{auth_type} and return OK. Then check whether the sender address
is in your domain and return error (possibly by using access.db with
an entry for parallaxshift.com REJECT).
Joseph Brennan Columbia University in the City of New York
bre...@columbia.edu
Part of the problem here, simply put, is that the same protocol used
for USERS to send mail is the protocol for SERVERS to send mail.
I.e. when a user f...@bar.com connects to his server to send mail to
b...@bar.com, it is JUST AS IF j...@aol.com had sent mail to b...@bar.com,
and AOL's mail server had sent it through. There's NO difference in
the protocol (other than the auth phase), which if you're delivering to
a locally accepted domain is not required.
EHLO domainname
MAIL FROM b...@aol.com
RCPT TO b...@baz.com
Now, that said -- all your users REALLY SHOULD be using the mail
submission port anyway (587), and auth should be required on that (as
it is, most ISPs are blocking 25 now anyway -- and auth being required
is important to prevent people from trying to directly deliver spam to
that port).
If you *REALLY* have a problem with 90 percent of your spam coming from
forged things @yourdomain, you might want to look into SPF. It
shouldn't affect your users (because they're using AUTH), but if you
set the records properly, saying "my mail will come from my server ONLY
(with the hard fail option)"
As a side note, I had a problem similar to this with my spamfiltering
stuff (SpamAssassin), because I had whitelisted anything@mydomain,
instead of writing a proper rule to actually LOOK for the AUTH header
in the signature.
This means that I do not allow RELAY to anyone unless they AUTH first.
This server forwards all email to the Message Store server (MS MTA) where
users retrieve email via IMAP or POP.
best regards,
The IETF recommends to separate internal (trusted?) SMTP users
from external inbound SMTP connections, that is why there
is a future Message Submission Protocol to be standardized...
(currently not IETF standard).
best regards,
Hi all,
Like Philippe, I am also facing the same problem. I want all
the mails to be authenticated whether they are sent to my same server
or an outside server. Even though I removed all relay statements in my
access.db file, the problem is the same. If any knowledgeable person
knows the answer, kindly post it.
suresh
Test this.
SLocal_check_mail
# Each R line is LHS <tab> RHS; the fields must be separated by tab characters.
R$*			$: $1 $| $&{auth_type}
R$* $| $+		$@ good: sent with auth
R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
R$* $| < RELAY > < >	$@ good: access.db says RELAY
R$*			$# error $@ 5.7.1 $: 553 Authentication required
And make sure access.db has at least: Connect:127.0.0.1 RELAY
Joseph Brennan
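The two policies Joseph Brennan describes in this thread (refuse unauthenticated senders in the local domain; require AUTH or a Connect RELAY entry for every sender) treat inbound mail from other servers differently. The Python model below is an added example, not part of any post and not sendmail code: the lookup is a simplified stand-in for ruleset A, and the sessions, mailboxes and addresses other than parallaxshift.com and 127.0.0.1 are constructed.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"parallaxshift.com"}        # local domain named in the thread
ACCESS_DB = {"Connect:127.0.0.1": "RELAY"}   # access.db entry from the thread

@dataclass
class Session:
    client_addr: str   # models ${client_addr}
    auth_type: str     # models ${auth_type}; empty if the client did not AUTH
    mail_from: str     # envelope sender given in MAIL FROM

def connect_lookup(addr, db=ACCESS_DB):
    """Simplified stand-in for ruleset A: try the address, then shorter
    dotted prefixes, each with and without the Connect: tag."""
    parts = addr.split(".")
    while parts:
        key = ".".join(parts)
        for candidate in ("Connect:" + key, key):
            if candidate in db:
                return db[candidate]
        parts.pop()
    return "?"

def auth_for_every_sender(s):
    """The 'Test this' ruleset: AUTH or a Connect RELAY entry, else 553."""
    if s.auth_type:
        return "accept"
    if connect_lookup(s.client_addr) == "RELAY":
        return "accept"
    return "553 5.7.1"

def auth_for_local_senders(s):
    """The earlier suggestion: AUTH passes, an unauthenticated sender
    in a local domain is refused, everyone else is let through."""
    if s.auth_type:
        return "accept"
    if s.mail_from.rpartition("@")[2].lower() in LOCAL_DOMAINS:
        return "reject"
    return "accept"

# Constructed sessions (documentation addresses, made-up mailboxes).
SESSIONS = {
    "authenticated user": Session("198.51.100.7", "PLAIN", "user@parallaxshift.com"),
    "cron on localhost": Session("127.0.0.1", "", "root@parallaxshift.com"),
    "inbound from MX": Session("192.0.2.10", "", "someone@example.com"),
    "forged local sender": Session("192.0.2.10", "", "user@parallaxshift.com"),
}

def compare():
    """Return {session name: (every-sender verdict, local-senders verdict)}."""
    return {name: (auth_for_every_sender(s), auth_for_local_senders(s))
            for name, s in SESSIONS.items()}
```

The "inbound from MX" row is the difference that matters: the "Test this" ruleset also refuses ordinary unauthenticated mail from other servers unless their addresses are listed as RELAY, while the local-senders policy refuses cron mail from localhost unless that case is exempted.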
One more issue: the lines given by you
should be placed in the "sendmail.cf" file. How can I add the same
feature using the sendmail.mc file? Because when I add some more
features in sendmail.mc and build the sendmail.cf file, the old contents
are overwritten by them. So each time I need to give the same lines
again and again in the sendmail.cf file. So if there is a possibility to
give the same feature in the sendmail.mc file, it will be very useful.
Kindly inform me if you know. Once again, I really thank you for your
effort and the suggestion given to me. I am expecting the final solution.
Thanks in advance
Suresh
Suresh Kumar
<SNIP>
> Now, that said -- all your users REALLY SHOULD be using the mail
> submission port anyway (587), and auth should be required on that (as
> it is, most ISPs are blocking 25 now anyway -- and auth being required
> is important to prevent people from trying to directly deliver spam to
> that port).
Can you say a bit more about this, or perhaps provide a URL to some
relevant docs please. I am unclear on just why using the submit port
is better, how it works, etc ...
--
----------------------------------------------------------------------------
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Suresh
Suresh Kumar
My post stated that he should be using the submission port, WITH AUTH
REQUIRED (i.e. add M=a to DaemonPortOptions)
If you'd like details on why it's better/suggested, check here:
http://www.faqs.org/rfcs/rfc2476.html
Or search for "587" in RFC3013.
* You asked:
But I want the same
effect to be placed in sendmail.mc file instead of adding the given
contents in sendmail.cf fil
* I answered:
For example
LOCAL_RULESETS
SLocal_check_mail
...
* Your original ruleset on sendmail.cf was following I suppose:
SLocal_check_mail
R$*			$: $1 $| $&{auth_type}
R$* $| $+		$@ good: sent with auth
R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
R$* $| < RELAY > < >	$@ good: access.db says RELAY
R$*			$# error $@ 5.7.1 $: 553 Authentication required
* You wanted to put that on sendmail.cf. Right?
It is just what I said:
LOCAL_RULESETS
SLocal_check_mail
R$*			$: $1 $| $&{auth_type}
R$* $| $+		$@ good: sent with auth
R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
R$* $| < RELAY > < >	$@ good: access.db says RELAY
R$*			$# error $@ 5.7.1 $: 553 Authentication required
I have NOT looked at what that ruleset is supposed to do. I just answered
your question.
* cf/README says:
Beware: MAILER declarations
should always be at the end of the configuration file. The general
rules are that the order should be:
VERSIONID
OSTYPE
DOMAIN
FEATURE
local macro definitions
MAILER
LOCAL_CONFIG
LOCAL_RULE_*
LOCAL_RULESETS
There are a few exceptions to this rule. Local macro definitions which
influence a FEATURE() should be done before that feature. For example,
a define(`PROCMAIL_MAILER_PATH', ...) should be done before
FEATURE(`local_procmail').
/ Kari Hurtta
* You sent some piece of code and asked to try it.
LOCAL_RULESETS
SLocal_check_mail
R$*			$: $1 $| $&{auth_type}
R$* $| $+		$@ good: sent with auth
R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
R$* $| < RELAY > < >	$@ good: access.db says RELAY
R$*			$# error $@ 5.7.1 $: 553 Authentication required
* Then I checked my sendmail.cf file and there are no such lines in
my sendmail.cf file. There is only a single line in my sendmail.cf
file:
SLocal_check_mail
So I added the five lines you had given below this line in
the sendmail.cf file and restarted the service. The authentication
worked fine. After that I made some other changes in the sendmail.mc file
for some other purpose and gave the command to activate them:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Then I checked for the added lines in the sendmail.cf file.
They were not there. So I understood that when we make the sendmail.cf
file each time using the sendmail.mc updates, the manual entries in
the sendmail.cf file will be overwritten. So I added the feature in the
sendmail.mc file to make the changes permanent:
FEATURE(`Local_check_mail')dnl
But it says some error message. There is no such feature
in the directory "/usr/share/sendmail-cf/feature". I am using
sendmail.8.12.11 version. That is why I was asking you what entries
have to be added in the sendmail.mc to have the same effect as you
mentioned and where to be added. I really thank you for your effort
and the detailed reply for me. I hope you will understand my position
and give me a solution or suggestion to solve this issue completely. I
am expecting your reply.
Give me guidelines what needs to be done clearly.
Thanks once again.
Suresh Kumar
You have to add the code Kari gave you to - the bottom of - your .mc file
--
bOnK
> * You sent some piece of code and asked to try it.
>
> LOCAL_RULESETS
> SLocal_check_mail
> R$*			$: $1 $| $&{auth_type}
> R$* $| $+		$@ good: sent with auth
> R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
> R$* $| < RELAY > < >	$@ good: access.db says RELAY
> R$*			$# error $@ 5.7.1 $: 553 Authentication required
No.
1)
From: Joseph Brennan <bre...@columbia.edu>
Message-ID: <slrndim04q....@papaya.cc.columbia.edu>
wrote:
<<<< start quote
Test this.
SLocal_check_mail
R$*			$: $1 $| $&{auth_type}
R$* $| $+		$@ good: sent with auth
R$* $| $*		$: $1 $| $>A <$&{client_addr}> <?> <+ connect> <>
R$* $| < RELAY > < >	$@ good: access.db says RELAY
R$*			$# error $@ 5.7.1 $: 553 Authentication required
>>>> end quote
2)
From: sures...@yahoo.co.in
Message-ID: <1127110583....@o13g2000cwo.googlegroups.com>
you answered
<<<< start quote
Thanks for your reply . I appreciate your
reply . It is working fine.
>>>> end quote
and then you asked
<<<< start quote
One more issue that the lines given by you
should be placed in the "sendmail.cf" file . How can I add the same
feature using the sendmail.mc file
>>>> end quote
I did not give the ruleset. I answered how to put that ruleset into the .mc
file.
/ Kari Hurtta