In article <94754721...@mclaren.mikka.net.au>,
<dvo...@mikka.net.au> writes:
> Hi All,
>
> i'm trying to set up anti-relay on Sendmail 8.9.3
>
> it seems to work okay with Feature(access_db..etc.etc.) but none of my
> virtual domains can send mail (even though they are in the access db). they
> all get error 550 relay denied.
>
> It seems to fail on check_rcpt with error 550 relay denied even though the
> domains are listed in both the access and relay-allow files.
Relaying privileges are granted by the IP address of the client, not by the
envelope return address, which is trivially forged. Since your domains
are - well - virtual, putting them in access does not accomplish anything
useful.
> setup:
> my network is mikka.net.au
> a virtual site is sitea.com.au (and they are a dial in customer)
> a virtual site is siteb.com.au (and they have their own mail server which i
> am secondary MX to)
>
> how do i set it up so that the virtual sites can relay through me ?
You don't. There are certain legacy features that may be coaxed into
enabling relaying by the envelope sender address, but due to the fact that
they are a gaping security hole just waiting to happen, they are not
recommended, and should not be used. Otherwise, nothing really stops any
14 year puke from humping your server into mass-blasting several million
pornograms, as soon as he figures out the laughable security settings of
your relay.
this is cool and i understand it...
Is there somewhere you can suggest i get the check_rcpt.m4 from to look at
IP addresses ?
It doesn't seem to come with sendmail-8.9.3 standard from sendmail.
Regs, Davor
Mikka Int.
In article <94755564...@mclaren.mikka.net.au>,
<dvo...@mikka.net.au> writes:
>
> Okay Sam,
>
> this is cool and i understand it...
>
> Is there somewhere you can suggest i get the check_rcpt.m4 from to look at
> IP addresses ?
Just put the IP addresses themselves into access.
> Is there somewhere you can suggest i get the check_rcpt.m4 from to look at
                                               ^^^^^^^^^^^^^
> IP addresses ?
> It doesn't seem to come with sendmail-8.9.3 standard from sendmail.
Don't use that file with 8.9. 8.9 comes with its own set of anti-relay
rules. See cf/README (and remove all lines in your .mc file which
refer to those 8.8. "HACK"s.)
--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
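
Added example, not part of any post in this thread and not sendmail's own code: a simplified Python model of the relay decision discussed above, showing why access entries keyed on the client IP hold up against a forged envelope sender while sender-keyed entries do not. The access entries, the documentation-range IP addresses, the trust_sender switch and all function names are constructed for illustration.

```python
# Simplified model of the relay decision (not sendmail's actual rulesets).
# Sample access map, constructed for this example. The IP addresses are from
# the RFC 5737 documentation ranges; the domains are the ones in the thread.
ACCESS_MAP = """
203.0.113        RELAY   # dial-in pool, matched as a network prefix
198.51.100.25    RELAY   # a single customer mail server
sitea.com.au     RELAY   # only consulted when trust_sender is enabled
"""

LOCAL_DOMAINS = {"mikka.net.au"}

def parse_access(text):
    """Parse 'key value' lines into a dict, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip().upper()
    return table

def ip_lookup(table, client_ip):
    """Try the full address, then shorter prefixes on octet boundaries."""
    octets = client_ip.split(".")
    for n in range(len(octets), 0, -1):
        action = table.get(".".join(octets[:n]))
        if action:
            return action
    return None

def domain_of(addr):
    """Return the lower-cased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()

def may_relay(table, client_ip, mail_from, rcpt_to, trust_sender=False):
    """Return True if the message is accepted for this recipient."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return True    # local delivery is not relaying
    if ip_lookup(table, client_ip) == "RELAY":
        return True    # the connecting client is on the allow list
    if trust_sender and table.get(domain_of(mail_from)) == "RELAY":
        return True    # legacy behaviour: believes whatever MAIL FROM says
    return False       # the "550 relay denied" case
```

With trust_sender left off, a client outside the listed addresses is refused no matter what sender domain it claims, which is the behaviour the original poster ran into.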