LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-31-2010, 08:24 PM   #1
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Rep: Reputation: 69
A question about sendmail...


Things are great, learning a lot and it works great.

So here's my situation. I have a server with a static IP that I use as a sendmail server. The problem is that port 25 is exposed. As a result, anybody can login to the SMTP server and send mail from my domain as a user that does not exist as well as email from other non-existant domains. I'm sure there are sendmail options that I can enable to do some checks, like if the user exists on that server or if the domain is the same on the server, etc. I was wondering if you guys can mention a few that I can add to my sendmail.mc file?

I have thought about auth login, the problem is if auth login is on my public port then I won't be able to receive email from gmail because it would be unauthenticated. Also, I only have 1 mail server. I know the ideal solution is to have 2 mail servers. One for outgoing mail/internal mail server where you can enable auth login and the other for incoming mail which just acts as the relay to the internal mail server. That way spammers can't login to send mail out.

That's another question I had, how do I configure sendmail to only send email out/in?

Anyhow, so I have to make do with 1 mail server for now. So I decided to add a few rules on iptables. I grabbed the IP range that gmail uses when I receive mail from then and added it to my iptables with the following command.
Code:
iptables -A INPUT -p tcp -m iprange --src-range x.x.x.1-x.x.x.254 -j ACCEPT
I then block everything else so spammers can't even acces my SMTP server.
Code:
iptables -A INPUT -p tcp -m tcp --dport 25 -j DROP
After this is done, I can receive mail from gmail just fine. However I'm not able to send mail out to gmail. I'm guessing that when I send email out to gmail, something is happening that is getting blocked by my iptable rules, which results in the email not getting to gmail. There are no bouncebacks at all. When I disable the 2nd rule that blocks all smtp traffic it works fine.

Can somebody explain exactly why the email does not reach gmail in this case? I'd like to understand exactly how sending email out works.

Could you recommend a better iptable rule to block all other smtp traffic and still allow me to send mail to gmail?

Last edited by trist007; 07-31-2010 at 08:28 PM.
 
Old 07-31-2010, 09:33 PM   #2
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
I was able to solve it by adding another two iptables rules to the source IP of my public network interface of the mail server and the loopback network interface of the mail server.

I would still like to know the answers to the other questions as well as other potential solutions. Especially because this solution only allows for me to receive email from gmail. I'd have to manually add an iptable rule for every other domain I'd like to receive mail from. There's got to be an easier way.

How would I make this mail server a closed relay to where I have to be on the server to be able to send mail?

Is mail relaying considered transferring mail from one network interface to another network interface(like eth0 to lo) or is it just relaying mail from one server to another?

Also what's the difference between submit.cf and sendmail.cf?

Last edited by trist007; 08-01-2010 at 08:50 AM.
 
Old 08-01-2010, 01:06 PM   #3
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Ok now I finally got it. I was worried about Spammers logging into my SMTP server and sending mail out to different sites, but I see now that the /etc/mail/access.db prevents other computers from sending mail out. Nice, hehe. However, Spammers can still get in to my SMTP server and send me mail to users inside the server. Which is fine. I'm going to setup Spam Assassin next.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
question about sendmail Guru Mind Linux - Server 2 08-20-2007 03:43 PM
Question on Sendmail itgl72 Linux - Newbie 4 04-13-2005 09:54 AM
Sendmail question jeucken Linux - Networking 1 12-05-2003 09:32 AM
Sendmail Question cartfanatic39 Linux - Networking 1 09-19-2003 12:13 PM
Sendmail question rlkiddjr Linux - General 4 03-04-2002 11:21 PM


All times are GMT -5. The time now is 08:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration