Host wise restricion not working in sendmail with squirrelmail in RHEL-5

akluthra · 11-18-2009, 11:44 PM

Dear all,
I have installed sendmail with squirrelmail on RHEL-5 ,it is working fine but /etc/mail/access file does not block mail from any host listed in this file for blocking. Can any one explain why it is so and how to get rid of this problem?

(A.K. Luthra)

bathory · 11-19-2009, 12:14 AM

Hi,

Any time you do changes in /etc/mail/access, you need to rebuild the access database. This is done running:

Code:

makemap hash /etc/mail/access < /etc/mail/access

Regards

akluthra · 11-19-2009, 12:45 AM

Quote:

Originally Posted by bathory

Hi,

Any time you do changes in /etc/mail/access, you need to rebuild the access database. This is done running:

Code:

makemap hash /etc/mail/access < /etc/mail/access

Regards

Yes , I did that of course and it works fine when I use outlook express on Windows client or Mozilla mail on Linux clients, but my problem is it does not work when I use webmail using squirrelmail. I think I have been able to clarify my point. Is there any additional configuration required to activate /etc/mail/access.db while using webmail?
Thanks,

bathory · 11-19-2009, 02:25 AM

What exactly do you want to restrict?
What's in /etc/mail/access?

akluthra · 11-25-2009, 03:23 AM

Let us say the ip address of my sendmail server is 192.168.30.32, the domain name is cdac.org (the name server is configured for this domain and is working successfully) and the entries in /etc/mail/access are as follows

127.0.0.1 RELAY
192.168.30.217 550 “ Do not use my mailserver”
Now the above file is saved.

# makemap hash /etc/mail/access < /etc/mail/access
The entries in /etc/mail/local-host-names is as follows:
cdac.org
The files /etc/httpd/conf/httpd.conf , /etc/mail/sendmail.mc , /etc/squirrelmail/config.php and /etc/dovecot.conf are configured properly then I use following commands
# service named start
#service httpd start
#service sendmail start
# service dovecot start
After this I go to client machine 192.168.30.217 and using the entry nameserver 192.168.30.32 in /etc/resolv.conf file of this client machine, I start the web browser, give the url www.cdac.org/webmail and I get the squirrelmail window where I give username and password of one of the users of mail server I am very much able to send and receive mails without any hindrance, on the other hand when I use Mozilla mail or out look express on the same machine after creating the user account and try to send or receive I get the error message 550 Don’t use my mail server. That means the sending
and receiving mail is being blocked successfully due to entry in /etc/mail/access file, then why the mail is not being blocked by using web mail, while other conditions are same.

bathory · 11-25-2009, 03:49 AM

Now this make sense:
A user from 192.168.30.217, uses the webserver on 192.168.30.32 to access your mailserver, that is installed on the same IP.
When this user sends an email from SquirrelMail, he actually access the smtp server from localhost (you can verify it from logs), so he grants relay.
If you want to restrict access by IP, you can use this SquirrelMail plugin, or use the apache techniques to restrict access based on the IP address.

Regards