
Relaying and port forwarding


Rene Lacasse

Mar 10, 2002, 3:14:31 AM
I'm having an interesting problem with port forwarding and sendmail 8.11.

I've forwarded port 25 from the firewall to the mail server and that works
great for receiving mail. The problem is that it works too well and is causing
an open relay. What I'm trying to do is reject mail coming from the
firewall except if it's destined to certain specific users.

I've tried setting up my access file as follows:
192.168.0.1 REJECT
To:ok...@domain.com OK

Instead of accepting mail from "ok...@domain.com" and rejecting everything
else as I'd hoped, sendmail is just rejecting everything.

Is there something more that I need to configure?
Does anyone have a suggestion as to how I can fix this problem or perhaps a
different way to achieve the same result?

Thanks ahead of time,
Rene


Per Hedeland

Mar 10, 2002, 4:46:43 PM
In article <GBEi8.490$HNk2.1...@news2.randori.com> "Rene Lacasse" <postm...@gwdi.com> writes:
>
>I've forwarded port 25 from the firewall to the mail server and that works
>great for receiving mail. The problem is that it works too well and is causing
>an open relay.

Is your port forwarding done in such a way that connections appear to
come from the firewall? If so, you could try using some different
technique, e.g. NAT-based "redirect" will normally preserve the source
IP address.

> What I'm trying to do is reject mail coming from the
>firewall except if it's destined to certain specific users.
>
>I've tried setting up my access file as follows:
>192.168.0.1 REJECT
>To:ok...@domain.com OK
>
>Instead of accepting mail from "ok...@domain.com" and rejecting everything
>else as I'd hoped, sendmail is just rejecting everything.

It should be sufficient to not allow the firewall to relay - this is the
default of course, but presumably you have a '192.68.0 RELAY' or
somesuch in access db to allow your internal hosts to relay. Just make
an exception for the firewall with

192.168.0.1 OK

If you for some reason want to implement precisely what you describe
above, you need to use FEATURE(`delay_checks').

--Per Hedeland
p...@bluetail.com
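
A simplified Python model of the access-map behaviour discussed in this thread, added here as an illustration (not code from either poster and not sendmail's own logic): client addresses are matched most-specific-first, only RELAY grants relaying, and without delay_checks the client check runs before the recipient is known. The maps, recipient addresses and local domain set are constructed samples, and forwarded connections are assumed to arrive with the firewall's address 192.168.0.1.

```python
# Simplified model of sendmail access-map handling for client addresses.
# Not sendmail code; all entries and domain names are constructed samples.
LOCAL_DOMAINS = {"domain.com"}  # assumption: domains delivered locally


def lookup_client(access, ip):
    """Most specific key wins: full IP first, then shorter octet prefixes."""
    octets = ip.split(".")
    while octets:
        rhs = access.get(".".join(octets))
        if rhs is not None:
            return rhs
        octets.pop()
    return None


def decide(access, client_ip, rcpt):
    """Return the outcome of RCPT TO for a connection from client_ip."""
    rhs = lookup_client(access, client_ip)
    # Without delay_checks the client check runs before any recipient
    # is known, so To: entries cannot rescue a rejected client.
    if rhs == "REJECT":
        return "rejected: client"
    if rcpt.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS:
        return "accepted: local delivery"
    # Only RELAY grants relaying; OK just ends the prefix search.
    if rhs == "RELAY":
        return "accepted: relayed"
    return "rejected: relaying denied"


# Constructed access maps for the three situations in the thread.
OPEN_RELAY = {"192.168.0": "RELAY"}
REJECT_FW = {"192.168.0": "RELAY", "192.168.0.1": "REJECT", "To:user@domain.com": "OK"}
FW_EXCEPTION = {"192.168.0": "RELAY", "192.168.0.1": "OK"}

if __name__ == "__main__":
    cases = [("192.168.0.1", "user@domain.com"), ("192.168.0.1", "x@elsewhere.example"), ("192.168.0.20", "x@elsewhere.example")]
    for name, amap in [("open relay", OPEN_RELAY), ("reject firewall", REJECT_FW), ("firewall exception", FW_EXCEPTION)]:
        for ip, rcpt in cases:
            print(f"{name:18} {ip:13} {rcpt:22} {decide(amap, ip, rcpt)}")
```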
