LinuxQuestions.org
Old 11-03-2003, 04:22 PM   #1
noisybastard
Member
 
Registered: May 2003
Distribution: RedHat 9
Posts: 32

Rep: Reputation: 15
sendmail not accepting external email


I'm still new to Linux, but for quite a while I had a server running just fine. I just recently had to reinstall the whole thing, but now sendmail isn't accepting outside email. Email sent from the server comes through just fine, but anything sent from outside the server gets a very late bounce message. The thing is, I copied over the mail settings from the old server, so I would think everything would work just fine. The only thing I did differently on this install is install Mailman. I checked the logs and everything looks fine, only mailman is having trouble starting since it can't find some "qrunner" service. Can someone help me figure this one out? Should I even use Mailman??
 
Old 11-03-2003, 04:45 PM   #2
noisybastard
Member
 
Registered: May 2003
Distribution: RedHat 9
Posts: 32

Original Poster
Rep: Reputation: 15
Never mind, fixed it.

However, I think I may have an open relay now. Is there any way to just allow valid system users to send pop3 email and lock everyone else out? I've been trying to figure out how to do that for almost a year now.
 
Old 11-03-2003, 08:08 PM   #3
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Sendmail only sends or relays mails from hosts specified in /etc/mail/access (if there are no other restrictions).

By the way, what do you mean by 'sending pop3 email'?
So far as I know the only program that can 'send pop3 e-mail' is your pop3 server. Sendmail is not involved in any way in the communication between your pop3 server and clients reading the mailboxes.

Last edited by J_Szucs; 11-03-2003 at 08:14 PM.
 
Old 11-04-2003, 02:05 PM   #4
noisybastard
Member
 
Registered: May 2003
Distribution: RedHat 9
Posts: 32

Original Poster
Rep: Reputation: 15
Well, I can set up the access file to allow relays, but it seems I can only allow relays for specific sender addresses (i.e., I have to set up comcast as a relay if I'm sending pop3 from a comcast cable modem). I'm trying to allow users to send pop3 from ANY ISP, but ONLY allow actual users to send pop3 email. I have to have my pop3 server up to send the pop3 email, but if sendmail isn't set up to relay for the whole domain then I can't send outgoing emails because it says it doesn't allow relaying. However, once I allow relaying for the whole domain in sendmail the server acts as an open relay and I get flooded with spam routing through my server. I don't know enough about sendmail and pop3 servers to really know what is going on here.

Is it possible, in the access file, to set relay access based on username, not domain name? And if so is there a way to allow it for EVERY local user by default so I don't have to add a new line every time I add a user?



Quote:
Originally posted by J_Szucs
Sendmail only sends or relays mails from hosts specified in /etc/mail/access (if there are no other restrictions).

By the way, what do you mean by 'sending pop3 email'?
So far as I know the only program that can 'send pop3 e-mail' is your pop3 server. Sendmail is not involved in any way in the communication between your pop3 server and clients reading the mailboxes.
 
Old 11-04-2003, 09:34 PM   #5
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Quote:
I'm trying to allow users to send pop3 from ANY ISP, but ONLY allow actual users to send pop3 email.
I still do not know what you mean by sending pop3 e-mail and how sendmail would be involved in it.
But I suspect that the situation can be like this: some of your users (who have mailboxes on your mail server) also have mailboxes at other ISPs and you want to allow these users to send mails through your smtp server as if sent from those ISP's mailboxes.
Sendmail actually denies this by default.

I do not allow such relaying for my users for two reasons:
- I consider my mailserver being more secure than any commercial ISP's, and I insist on this security, so I regard the use of any outside ISP's mailboxes as illegal on the company's LAN
- if any of my users insists on using another ISP's mailbox, he or she should use that ISP's smtp server to send his mails. He can easily do this: either he uses the webmail interface of his ISP (highly preferable) or he selects his ISP's mailbox in the sender field in Outlook Express, and voila: his mail is sent using that ISP's smtp server.
Taking into account the weakness of Outlook Express, which is the most widely used e-mail client on our LAN, I am considering the idea of actually denying the use of any outside ISPs with OE. I could do this by denying access to any outside pop3 servers on the firewall. Then my users would be forced to use the webmail interfaces of those ISPs.

Anyway, immediately stop the open relay, especially if you see that spammers actually make use of it!
If you allow this, you may soon find your mail server being denied on the internet, and then you will not be able to send any mails to anywhere!

Last edited by J_Szucs; 11-04-2003 at 09:46 PM.
 
Old 11-04-2003, 09:45 PM   #6
noisybastard
Member
 
Registered: May 2003
Distribution: RedHat 9
Posts: 32

Original Poster
Rep: Reputation: 15
Quote:
some of your users (who have mailboxes on your mail server) also have mailboxes at other ISPs and you want to allow these users to send mails through your smtp server as if coming from those ISP's mailboxes.
Almost. Say for example I run abc.com. I have someone with a someperson@abc.com pop3 account. This person uses a dialup through ISP xyz.com. All I'm trying to figure out how to do is allow that person to be able to send pop3 email from their someperson@abc.com account. Since this person isn't sitting at the terminal of server abc.com their pop3 email is being sent from xyz.com. They're not relaying mail from xyz.com through abc.com, just logging in to their pop3 account to send their email from abc.com while using the service of xyz.com. It seems that when I do something like this I have to allow xyz.com relaying rights in order to send an email (i.e., any email not sent directly from the abc.com terminal needs special relaying rights set up for whatever server they're using to get online with at the time. The problem of course is that I can't predict every server that my clients may hop online with).
 
Old 11-04-2003, 10:10 PM   #7
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
I understand your problem now.

So far as I know you have four choices to establish this task:

A) Use an imap server instead of pop3. Then your users will have all of their mails on your server, and any mails sent by your users would be sent from your mailserver, so there is no need for a relay. Drawbacks: changing mail system, lots of disk space required.

B) Use sendmail's smtp_auth option. Then you should issue a certificate for your clients, and sendmail would only allow relaying mail for those clients who authenticate themselves with the valid client certificate. Drawback: requires some change to your sendmail configuration, you should install and setup e.g. openssl to issue at least one certificate and your users should be smart enough to install the certificate on their machines (the biggest drawback; users are stupid by default).

C) Use a popbeforesmtp hack. This means: any client (IP address) that successfully authenticates itself via pop3 is automatically allowed to relay mail through your mail server for some time. There are some scripts on the net establishing this task. I myself use my own bash script that greps out the IP addresses of users that successfully log into the pop3 server from /var/log/messages, and adds that IP address to /var/mail/access. My script is run once in each minute by cron. Other scripts may be able to continuously monitor the messages file, and allow relaying immediately after the successful pop3 login. Drawback: it is a hack, not a professional solution, your pop3 server should log IP addresses into the messages (I had to recompile qpopper to enable this).

D) Make your users use a webmail interface. Drawbacks: you have to install a webmail program that uses pop3 (e.g. Neomail or OpenWebmail), stupid users do not like webmail.

Anyway, stop the open relay as soon as possible!

Last edited by J_Szucs; 11-05-2003 at 01:52 AM.
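
The pop-before-SMTP idea from option C, as an added example (not J_Szucs's script and not code from this thread): it extracts the IPs of successful POP3 logins, keeps them in a state file with a timestamp, and expires them so the relay window closes again. The log format, the function names and the `ip epoch` state-file layout are assumptions made for the illustration.

```shell
#!/bin/bash
# Log format is constructed for illustration; match it to your POP3 daemon.
sample_log() {
cat <<'EOF'
Nov  4 21:58:01 mail popper[811]: login ok user=alice ip=192.0.2.10
Nov  4 21:58:07 mail popper[812]: login failed user=bob ip=198.51.100.7
Nov  4 21:58:30 mail popper[815]: login ok user=carol ip=203.0.113.5
Nov  4 21:58:44 mail popper[816]: login ok user=dave ip=999.1.1.1
EOF
}

# Print the client IP of each successful login, de-duplicated.
# Fixed field positions plus strict dotted-quad validation keep anything
# else that ends up in the log from becoming an access-map entry.
successful_ips() {
  awk 'NF == 9 && $6 == "login" && $7 == "ok" &&
       $9 ~ /^ip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
    ip = substr($9, 4); split(ip, o, ".")
    for (k = 1; k <= 4; k++) if (o[k] > 255) next
    print ip
  }' | sort -u
}

# Merge fresh IPs (stdin) into STATE ("ip epoch" lines) stamped with NOW,
# dropping entries older than TTL seconds so the relay window closes.
update_state() (   # usage: update_state STATE NOW TTL
  state=$1 now=$2 ttl=$3
  tmp=$(mktemp "$state.XXXXXX") || exit 1
  { [ -f "$state" ] && cat "$state"; sed "s/\$/ $now/"; } |
    awk -v now="$now" -v ttl="$ttl" '
      now - $2 < ttl && $2 > seen[$1] { seen[$1] = $2 }
      END { for (ip in seen) print ip, seen[ip] }' | sort > "$tmp"
  mv "$tmp" "$state"
)

# Render the state as sendmail access-map lines: address<TAB>RELAY.
# Merge these with the static entries, then rebuild the map, e.g.
#   makemap hash /etc/mail/access < /etc/mail/access
render_access() { awk '{ printf "%s\tRELAY\n", $1 }' "$1"; }

# Demo on the constructed log: 15-minute window, fixed clock for clarity.
demo_state=$(mktemp)
sample_log | successful_ips | update_state "$demo_state" 1000 900
render_access "$demo_state"
rm -f "$demo_state"
```

This scheme authorizes an IP address rather than a user, so every host behind the same NAT address can relay until the entry expires; keep the window short.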
 
  

