Have just set up Sendmail working as an SMTP mail server on our Red Hat Linux production box.
However, one of our users has got the error message below when trying to send to another domain; this does not happen for all, it seems like a security policy of the specific domain.
I understand the message, the external IP showing from the client is 53 and the external from the mail server is 51 and there is obviously a mismatch.
Could this be to do with the access policy of Sendmail, in that it RELAYs mail for the local domain? Should this be set to something different to allow the send to originate from the mail server rather than the client PC?
First upstream SMTP client IP address: [XX.XX.127.51]
According to a 'Received:' trace, the message apparently originated at: [XX.XX.127.53], XXXXXXX ip-XX-XX-127-53.easynet.co.uk [XX.XX.127.53] (may be forged)
For starters you will need to look at the FULL header. I suspect you will see something along the lines of received by xxx.53 from xxx.51. In other words, showing that it came from .51, through .53 to the end client. However, from what you have provided and my experience with mail servers, I don't think that this is the cause of the problem. More than likely, either your IP range is listed in a block that is banned by someone and the recipient is picking this up OR this particular recipient declares everybody SPAM, unless you are specifically declared as NOT SPAM.
Is there any way of making it look like the originator of the message is the server itself rather than the client PC?
The below appears in the message header:
Code:
Received: from XXXCDT07 (ip-87-84-127-53.easynet.co.uk [87.84.127.53] (may be forged))
by XXXWebServer.XXX.local (8.13.8/8.13.8) with ESMTP id p19FKFdj005100
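Reading the full `Received:` chain, as suggested in the reply above, can be scripted. The following is an added example and not part of any post in this thread; the sample message, host names, queue IDs and 192.0.2.x addresses are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample, newest hop first, as the recipient's server sees it.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.51])
\tby mx.recipient.example (8.13.8/8.13.8) with ESMTP id q1AAAAAA000001
\tfor <user@recipient.example>; Wed, 9 Feb 2011 15:20:20 GMT
Received: from CLIENTPC (client.example.org [192.0.2.53] (may be forged))
\tby mail.example.org (8.13.8/8.13.8) with ESMTP id q1AAAAAA000002
\tfor <user@recipient.example>; Wed, 9 Feb 2011 15:20:15 GMT
From: sender@example.org
To: user@recipient.example
Subject: test

body
"""

# from <HELO name> (<rDNS name> [<ip>] ...) by <receiving host>
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\)\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if m:
            hop = m.groupdict()
            # Sendmail adds this when the PTR name does not resolve back to the IP.
            hop["unverified"] = "may be forged" in flat
            hops.append(hop)
    return hops

def summarize(raw):
    """Compare the last relay the recipient saw with the earliest recorded hop."""
    hops = parse_hops(raw)
    first, origin = hops[0], hops[-1]
    return {
        "first_upstream": first["ip"],      # server that connected to the recipient
        "claimed_origin": origin["ip"],     # client that submitted to that server
        "relayed": first["ip"] != origin["ip"],
        "origin_unverified": origin["unverified"],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A difference between `first_upstream` and `claimed_origin` only shows that a desktop client submitted through the mail server, which is normal relaying.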