Things are great, learning a lot and it works great.
So here's my situation. I have a server with a static IP that I use as a sendmail server. The problem is that port 25 is exposed. As a result, anybody can log in to the SMTP server and send mail from my domain as a user that does not exist, as well as email from other non-existent domains. I'm sure there are sendmail options that I can enable to do some checks, like if the user exists on that server or if the domain is the same on the server, etc. I was wondering if you guys can mention a few that I can add to my sendmail.mc file?
I have thought about auth login; the problem is if auth login is on my public port then I won't be able to receive email from gmail because it would be unauthenticated. Also, I only have 1 mail server. I know the ideal solution is to have 2 mail servers: one for outgoing mail/internal mail server where you can enable auth login, and the other for incoming mail, which just acts as the relay to the internal mail server. That way spammers can't log in to send mail out.
That's another question I had, how do I configure sendmail to only send email out/in?
Anyhow, so I have to make do with 1 mail server for now. So I decided to add a few rules on iptables. I grabbed the IP range that gmail uses when I receive mail from them and added it to my iptables with the following command.
Code:
iptables -A INPUT -p tcp -m iprange --src-range x.x.x.1-x.x.x.254 -j ACCEPT
I then block everything else so spammers can't even access my SMTP server.
Code:
iptables -A INPUT -p tcp -m tcp --dport 25 -j DROP
After this is done, I can receive mail from gmail just fine. However I'm not able to send mail out to gmail. I'm guessing that when I send email out to gmail, something is happening that is getting blocked by my iptable rules, which results in the email not getting to gmail. There are no bouncebacks at all. When I disable the 2nd rule that blocks all smtp traffic it works fine.
Can somebody explain exactly why the email does not reach gmail in this case? I'd like to understand exactly how sending email out works.
Could you recommend a better iptable rule to block all other smtp traffic and still allow me to send mail to gmail?
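
Added example, not part of the original post: a script that prints an ordered INPUT ruleset in which loopback traffic and replies to connections the server opened are accepted before the port 25 DROP, and the allow rule is limited to port 25. It assumes that outgoing mail on this host is first handed to the local sendmail daemon over 127.0.0.1:25 (traffic the blanket DROP above also matches); the address range is a constructed placeholder and `smtp_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Emits an ordered INPUT ruleset for a single-host sendmail server.
# Nothing is applied here: review the output, then pipe it to `sh` as root.
# Rules are appended (-A), so the chain should hold no earlier port 25 rules.

# Constructed placeholder (RFC 5737 documentation range), not a real sender range.
ALLOWED_RANGE="${ALLOWED_RANGE:-192.0.2.1-192.0.2.254}"

smtp_rules() {
    range="$1"
    # Accept only "a.b.c.d-a.b.c.d" so the value is safe to place in a command line.
    if ! printf '%s\n' "$range" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "invalid range: $range" >&2
        return 1
    fi
    # Order matters: iptables stops at the first matching rule.
    #  1. loopback, so local submission to 127.0.0.1:25 is not dropped (assumption above)
    #  2. replies belonging to connections this host opened (outbound SMTP, DNS)
    #  3. new inbound SMTP, only from the allowed range and only on port 25
    #  4. every other inbound connection to port 25
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -m iprange --src-range $range -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP
EOF
}

smtp_rules "$ALLOWED_RANGE"
```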