Configuring my sendmail to only send to certain domains

laredotornado · 08-25-2014, 12:38 PM

Hi,

Here’s the Linux config …

Code:

[dalvarado@mymachine ~]$ uname -a
Linux qa.mydomain.com 4.2.8.9.amzn1.x86_64 #1 SMP Wed Apr 2 09:36:59 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I’m trying to configure our sendmail (8.14.4) system to only send emails to domains ending in “@domain.com” or “@domain2.com”. I’m reading through docs and have stumbled upon this file …

Code:

sudo vim /etc/mail/access

Within the file, i see a bunch of entries like so …

Code:

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY

I’m not sure how I should add in the fact that I only want to send emails to these specific domains. How do I indicate that?

Thanks, - Dave

YankeePride13 · 08-25-2014, 12:46 PM

Relaying is rejected by default. The only messages that will be relayed through your system are by those that you specifically allow.

In your example, a message to ANY domain that originates from localhost will be allowed. But, if you tried to connect from another network to send a message, it would get rejected.

Now, if you wanted mail sent to domain example.com, for example, you could have :

Code:

To:Example.com                          RELAY

So anyone that connects to your machine to send a message to example.com would be allowed. Messages sent to other domains would be rejected.

Now keep in mind, this could open you up to backscatter. What we do to avoid that is we populate all valid e-mail accounts in the access file. So ours looks like:

Code:

To:example.com   REJECT
To:jim@example.com  RELAY
To:Sue@example.com  RELAY
...

etc.

So basically it would reject all mail to example.com except for jim, sue and anyone else I specify.

laredotornado · 08-25-2014, 01:20 PM

Hi,

I edited the file /etc/mail/access, and added

Code:

To:mydomain.com                          RELAY
To:mydomain2.com                         RELAY

Then I restarted sendmail using

Code:

sudo /etc/init.d/sendmail restart

However, when I was able to send an email to a "@gmail.com" domain. Is there something else I need to do to restrict the email? I use m4 to build the "sendmail.cf" file, but I didn't do that before restarting. Anything else I need to do?

YankeePride13 · 08-25-2014, 01:22 PM

You have to re-build your access database. Something like:

Code:

makemap hash /etc/mail/access < /etc/mail/access

laredotornado · 08-25-2014, 01:38 PM

Hi,

So I did this ...

Code:

[dalvarado@mymachine ~]$ sudo makemap hash /etc/mail/access < /etc/mail/access
[sudo] password for dalvarado: 
[dalvarado@mymachine ~]$ sudo /etc/init.d/sendmail restart
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]

but then I was still able to send to the "@gmail.com" email. Here's my complete /etc/mail/access file ...

Code:

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:email-smtp.us-east-1.amazonaws.com RELAY
Connect:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com RELAY
To:domain1.com                          RELAY
To:domain2.com                        RELAY

YankeePride13 · 08-25-2014, 01:55 PM

Are you sending to gmail from the machine itself? Cause the connect lines allow you to send anything from the localhost.

EDIT

Also, if you send mail from email-smtp.us-east-1.amazonaws.com and ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com it will also allow you to send anywhere