
relay-domains and netmask


rbe...@mailandnews.com

Jan 19, 2005, 8:52:01 PM
Hi everyone,

I have a problem with sendmail 8.12.11 and the definition of
relay-domains which makes my server an open relay for messages sent
from some IP addresses.

Let me try to explain;

In /etc/mail/relay-domains I have something like this:

192.168.20
148.233.3.4

The intention here is to allow all our LAN to send messages through
this server and also the specific external machine stated.

It works almost as expected, most foreign machines are not allowed to
relay through the server... but today a spammer with an address close
to the second specified address found it could relay messages (hundreds
of them so far). Their address is 148.233.116.69, as you can see it's
different but close if you consider a class B network close. But
that's not the intention of the relay-domains file.

Does anyone know if somehow sendmail is using a class B network mask to
check this? Where is it specified?

I have already tried changing the order, in case the LAN (class C) spec
was causing something strange. I also tried specifying the address as
192.168.20.0/24 and 148.233.3.4/32. Nothing changed.
Thanks.
--
René Berber

Claus Aßmann

Jan 19, 2005, 9:33:32 PM
wrote:

> I have a problem with sendmail 8.12.11 and the definition of
> relay-domains which makes my server an open relay for messages sent
> from some IP addresses.

> In /etc/mail/relay-domains I have something like this:

> 192.168.20
> 148.233.3.4

> It works almost as expected, most foreign machines are not allowed to
> relay through the server... but today a spammer with an address close
> to the second specified address found it could relay messages (hundreds
> of them so far). Their address is 148.233.116.69, as you can see it's
> different but close if you consider a class B network close. But

"close" isn't good enough...

> that's not the intention of the relay-domains file.

Please post two logfile entries (from=/to=) of a relayed mail
that show the problem.

Include your .mc (not .cf) file and the output of

echo '$=R' | sendmail -bt -d0.10

> Does anyone know if somehow sendmail is using a class B network mask to
> check this? Where is it specified?

cf/README.

> I have already tried changing the order, in case the LAN (class C) spec
> was causing something strange. I also tried specifying the address as
> 192.168.20.0/24 and 148.233.3.4/32. Nothing changed.

That's not valid syntax.

--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

rbe...@mailandnews.com

Jan 19, 2005, 10:28:56 PM
Claus Aßmann :

> Please post two logfile entries (from=/to=) of a relayed mail
> that show the problem.

Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: from=<minerva...@penn.com>, size=3510, class=0, nrcpts=13, msgid=<200501150912.j0F9B...@mail.legosoft.com.mx>, proto=SMTP, daemon=MTA-v4, relay=customer-148-233-116-69.uninet-ide.com.mx [148.233.116.69]
Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: to=<dice...@aol.com>, delay=00:00:00, mailer=esmtp, pri=393510, stat=queued
Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: to=<timt...@aol.com>, delay=00:00:00, mailer=esmtp, pri=393510, stat=queued
...

> Include your .mc (not .cf) file

I'm unable to find my .mc files, I seem to have erased them (the
installation is 1 yr old), but from the sendmail.cf file
@(#)main.mc
$Id: solaris8.m4
$Id: local_lmtp.m4
@(#)solaris-generic.m4
$Id: redirect.m4
$Id: use_cw_file.m4
$Id: use_ct_file.m4
$Id: relay_entire_domain.m4
$Id: proto.m4
$Id: local.m4
$Id: smtp.m4

you can see that it is mostly a generic solaris configuration, the
parts I changed were to upgrade the security. Sorry I know it is
important I just had not realized that I lost my sources.

> and the output of echo '$=R' | sendmail -bt -d0.10

Version 8.12.11
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NIS NISPLUS PIPELINING SCANF XDEBUG
OS Defines: HASFCHOWN HASFCHMOD HASGETUSERSHELL HASINITGROUPS HASLSTAT HASNICE HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV HASSTRERROR HASULIMIT HASUNAME HASWAITPID IDENTPROTO IP_SRCROUTE SAFENFSPATHCONF SYS5SETPGRP SYSTEM5 USE_DOUBLE_FORK USE_SA_SIGACTION USE_SIGLONGJMP USESETEUID
Kernel symbols: /dev/ksyms
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: legosoft.com.mx
a.k.a.: legosoft
UUCP nodename: sunfire
a.k.a.: legosoft.com.mx
a.k.a.: mail.legosoft.com.mx
a.k.a.: sunfire.legosoft.com.mx
a.k.a.: loghost
a.k.a.: [192.168.20.245]
a.k.a.: [127.0.0.1]
a.k.a.: [IPv6:::1]
a.k.a.: [IPv6:fe80::203:baff:fe27:2111]
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = legosoft
(canonical domain name) $j = mail.legosoft.com.mx
(subdomain name) $m = com.mx
(node name) $k = sunfire
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 201.129.26.161
192.168.20
200.67.134.230
148.233.147.133

--
René Berber
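Detection logic for the symptom in the post above, added here as an example that is not part of the thread: it scans sendmail from=/to= log lines (constructed below, modelled on the entries René posted) and flags queue ids that were accepted from a client outside the relay-domains prefixes and then queued or sent to a recipient outside the local domains. The allowed prefixes, local domain names and sample log lines are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the entries in this thread (not copied from it).
SAMPLE_LOG = """\
Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: from=<sender@example.net>, size=3510, class=0, nrcpts=2, proto=SMTP, daemon=MTA-v4, relay=customer-148-233-116-69.uninet-ide.com.mx [148.233.116.69]
Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: to=<user1@aol.com>, delay=00:00:00, mailer=esmtp, pri=393510, stat=queued
Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: to=<user2@aol.com>, delay=00:00:00, mailer=esmtp, pri=393510, stat=queued
Jan 15 03:15:02 sunfire sendmail[20250]: [ID 801593 mail.info] j0F9CaB0020250: from=<staff@legosoft.com.mx>, size=1200, class=0, nrcpts=1, proto=ESMTP, daemon=MTA-v4, relay=ws12.legosoft.com.mx [192.168.20.12]
Jan 15 03:15:02 sunfire sendmail[20250]: [ID 801593 mail.info] j0F9CaB0020250: to=<partner@example.org>, delay=00:00:00, mailer=esmtp, pri=31200, stat=Sent
Jan 15 03:16:40 sunfire sendmail[20261]: [ID 801593 mail.info] j0F9DeXy020261: from=<someone@example.com>, size=900, class=0, nrcpts=1, proto=SMTP, daemon=MTA-v4, relay=mx.example.com [203.0.113.9]
Jan 15 03:16:40 sunfire sendmail[20261]: [ID 801593 mail.info] j0F9DeXy020261: to=<rene@legosoft.com.mx>, delay=00:00:00, mailer=local, pri=30900, stat=Sent
"""

# Assumed local domains, and the same dotted-octet prefixes as the relay-domains file in the thread.
LOCAL_DOMAINS = {"legosoft.com.mx", "mail.legosoft.com.mx"}
ALLOWED_RELAY_PREFIXES = ["192.168.20", "148.233.3.4"]

FROM_RE = re.compile(r"sendmail\[\d+\]: (?:\[ID [^\]]+\] )?(\w+): from=.*\brelay=(\S+) \[([\d.]+)\]")
TO_RE = re.compile(r"sendmail\[\d+\]: (?:\[ID [^\]]+\] )?(\w+): to=<[^@>]+@([^>]+)>")


def ip_allowed(ip, prefixes=ALLOWED_RELAY_PREFIXES):
    """relay-domains style match on whole leading octets: '192.168.20' covers
    192.168.20.0-255, '148.233.3.4' covers only that host (no CIDR syntax)."""
    octets = ip.split(".")
    return any(octets[: len(p.split("."))] == p.split(".") for p in prefixes)


def find_unexpected_relays(log_text):
    """Queue ids whose client IP matched no allowed prefix but which were
    queued or sent to at least one recipient outside the local domains."""
    relays = {}                       # queue id -> (client host, client ip)
    external_rcpt = defaultdict(bool)  # queue id -> saw a non-local recipient
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            relays[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = TO_RE.search(line)
        if m and m.group(2).lower() not in LOCAL_DOMAINS:
            external_rcpt[m.group(1)] = True
    return sorted(qid for qid, (_host, ip) in relays.items()
                  if external_rcpt[qid] and not ip_allowed(ip))


if __name__ == "__main__":
    print(find_unexpected_relays(SAMPLE_LOG))  # ['j0F9BnHs020199']
```

Messages delivered locally (the third queue id) and messages from LAN clients (the second) are not reported; only the 148.233.116.69 client relaying to aol.com is.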

Claus Aßmann

Jan 20, 2005, 2:08:40 PM
wrote:

> Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: from=<minerva...@penn.com>, size=3510, class=0, nrcpts=13, msgid=<200501150912.j0F9B...@mail.legosoft.com.mx>, proto=SMTP, daemon=MTA-v4, relay=customer-148-233-116-69.uninet-ide.com.mx [148.233.116.69]
> Jan 15 03:12:11 sunfire sendmail[20199]: [ID 801593 mail.info] j0F9BnHs020199: to=<dice...@aol.com>, delay=00:00:00, mailer=esmtp, pri=393510, stat=queued

Why queued? DeliveryMode?

> I'm unable to find my .mc files, I seem to have erased them (the

Bad...

> $Id: relay_entire_domain.m4

> (subdomain name) $m = com.mx

Quoting cf/README

relay_entire_domain
This option allows any host in your domain as defined by
class {m} to use your server for relaying. Notice: make
sure that your domain is not just a top level domain,
e.g., com. This can happen if you give your host a name
like example.com instead of host.example.com.

relay=customer-148-233-116-69.uninet-ide.com.mx
$m = com.mx

That's why relaying is allowed.

Now you need to create a new cf file, but first you need to
reconstruct an mc file (and don't delete it afterwards...)
http://www.sendmail.org/~ca/email/more.html

rbe...@mailandnews.com

Jan 20, 2005, 7:38:01 PM
Claus Aßmann :

> Why queued? DeliveryMode?

Mail is filtered through MailScanner for viruses and/or spam.

> relay=customer-148-233-116-69.uninet-ide.com.mx
>
> $m = com.mx
>
> That's why relaying is allowed.

OK, that makes sense, but I'm sure our second office address which is
in the *.uninet-ide.com.mx domain cannot use the server as relay if I
don't add it to relay-domains, and this happens for all the addresses
in relay-domains (every time they change address I have to update the
file, and one of those addresses is a dynamic IP, so I'm pretty sure).

The problem seems to be my configuration. If the machine's name is
mail.legosoft.com.mx why did $m end up being com.mx and not
legosoft.com.mx?

Thanks for your help, I'll check my configuration carefully.
--
René Berber

Claus Aßmann

Jan 20, 2005, 9:58:01 PM
wrote:

> OK, that makes sense, but I'm sure our second office address which is
> in the *.uninet-ide.com.mx domain cannot use the server as relay if I
> don't add it to relay-domains, and this happens for all the addresses
> in relay-domains (every time they change address I have to update the
> file, and one of those addresses is a dynamic IP, so I'm pretty sure).

Maybe the reverse/forward mapping doesn't match in which case
the hostname isn't used.

> The problem seems to be my configuration. If the machine's name is
> mail.legosoft.com.mx why did $m end up being com.mx and not
> legosoft.com.mx?

Good question... check your configuration and maybe do some
debugging of the sendmail startup code.
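A small model of the two points Claus makes in this thread (the cf/README quote on relay_entire_domain and $m two posts up, and the forward/reverse DNS caveat just above), added here and not part of the thread: at startup sendmail splits the canonical host name so that the first label becomes $w and the rest becomes $m, relay_entire_domain then accepts any client whose name lies in $m, and the client name is only used when its reverse lookup is confirmed by the forward lookup (otherwise sendmail logs it as "(may be forged)" and it is not used for this check). This is a simplified model, not sendmail's code; the host names are the thread's own.

```python
def split_identity(canonical_name):
    """Mimic sendmail's startup split of the canonical host name: the first
    label becomes $w, everything after the first dot becomes $m. A host named
    'legosoft.com.mx' instead of 'sunfire.legosoft.com.mx' therefore ends up
    with $m = 'com.mx', which is exactly the trap cf/README warns about."""
    name = canonical_name.lower().rstrip(".")
    w, _, m = name.partition(".")
    return w, m


def relay_entire_domain_allows(client_host, m, rdns_consistent=True):
    """relay_entire_domain: a client may relay if its host name is in class {m}.
    The name only counts when the PTR result resolves back to the connecting
    address; an unverified name is tagged '(may be forged)' in the log and is
    not used here, so such a client is judged on its IP address alone."""
    if not rdns_consistent or not m:
        return False
    h = client_host.lower().rstrip(".")
    return h == m or h.endswith("." + m)


def relay_decision(canonical_name, client_host, rdns_consistent=True):
    """Return ($w, $m, allowed) for a server whose canonical name is given."""
    w, m = split_identity(canonical_name)
    return w, m, relay_entire_domain_allows(client_host, m, rdns_consistent)


if __name__ == "__main__":
    spammer = "customer-148-233-116-69.uninet-ide.com.mx"
    print(relay_decision("legosoft.com.mx", spammer))          # ('legosoft', 'com.mx', True)
    print(relay_decision("sunfire.legosoft.com.mx", spammer))  # ('sunfire', 'legosoft.com.mx', False)
```

The same split explains the README's warning about a bare domain name: a server named example.com gets $m = com and would relay for any verified .com client.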
