Sendmail config: security and controlling outgoing mail
Some mail was sent through my Slackware 7.1 server, running Sendmail 8.12.10, with my return address, to a list I administer (on Yahoo), so it slipped by, as only email from me is allowed.
The two relevant lines from the maillog file are below.
Mar 20 02:23:37 xxx: i2K8NXRo020489: from=<email@example.com>, size=32471, class=0, nrcpts=1, msgid=<firstname.lastname@example.org>, proto=SMTP, daemon=MTA, relay=adsl-63-199-102-245.dsl.lsan03.pacbell.net [18.104.22.168]
Mar 20 02:23:39 xxx: i2K8NXRo020489: email@example.com, ctladdr=<firstname.lastname@example.org> (1004/100), delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=62705, relay=mta4.grp.scd.yahoo.com. [22.214.171.124], dsn=2.0.0, stat=Sent (ok 1079770869 qp 62876)
My .mc file has a
line, and the /etc/mail/relay-domains file has:
The spam tests that I run against the server (I tried ordb.org and spamlart) say I don't have an open relay.
It would seem that someone (using a PacBell DSL connection) created an email with my return address, and used my email server as the SMTP host, and effectively disguised an email as if it was from me.
I would like to prevent this from happening in the future. How can that be done? I would like to allow only machines from my network, by IP address, to send out mail; but allow incoming mail from anyone to accounts on my system.
The access_db option seems to control incoming mail (that is, it blocks incoming mail), or maybe that's mainly what it is for.
Any guidance will be appreciated.
If it's useful, the .mc file is below
Last edited by unknownrisk; 03-21-2004 at 01:10 PM.
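A log audit for the situation described in the post, as an added example that is not part of the original post: it pairs sendmail's from= and to= maillog entries by queue ID and reports messages that claimed a local sender, arrived from an address outside the trusted networks, and were then delivered off-host. The domain, networks and log lines are constructed placeholders, and the function name is hypothetical.

```python
import ipaddress
import re

# Assumed values, not taken from the post: replace with your own domain and LAN.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Constructed sample lines in the sendmail maillog layout quoted in the post.
SAMPLE_LOG = """\
Mar 20 02:23:37 mx sendmail[20489]: i2K8NXRo020489: from=<owner@example.org>, size=32471, class=0, nrcpts=1, msgid=<a1@example.org>, proto=SMTP, daemon=MTA, relay=dsl-host.example.net [198.51.100.45]
Mar 20 02:23:39 mx sendmail[20491]: i2K8NXRo020489: to=<list@lists.example.com>, ctladdr=<owner@example.org> (1004/100), delay=00:00:05, mailer=esmtp, relay=mta.lists.example.com. [203.0.113.9], dsn=2.0.0, stat=Sent (ok)
Mar 20 09:10:02 mx sendmail[20710]: i2KFA1Qx020710: from=<owner@example.org>, size=812, class=0, nrcpts=1, msgid=<b2@example.org>, proto=ESMTP, daemon=MTA, relay=desk.example.org [192.0.2.17]
Mar 20 09:10:03 mx sendmail[20712]: i2KFA1Qx020710: to=<list@lists.example.com>, delay=00:00:01, mailer=esmtp, relay=mta.lists.example.com. [203.0.113.9], dsn=2.0.0, stat=Sent (ok)
Mar 20 11:00:00 mx sendmail[20800]: i2KH00aa020800: from=<stranger@example.net>, size=500, class=0, nrcpts=1, msgid=<c3@example.net>, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.7]
Mar 20 11:00:01 mx sendmail[20802]: i2KH00aa020800: to=<owner@example.org>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

FROM_RE = re.compile(r"(\w+): from=<([^>]*)>.*\brelay=[^\[]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
TO_RE = re.compile(r"(\w+): to=.*\bmailer=(\w+)")

def find_spoofed_outbound(log_text):
    """Return (queue_id, sender, client_ip, mailer) for suspicious messages."""
    inbound = {}   # queue ID -> (envelope sender, connecting client IP)
    findings = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            qid, sender, ip = m.groups()
            inbound[qid] = (sender.lower(), ipaddress.ip_address(ip))
            continue
        m = TO_RE.search(line)
        if not m or m.group(1) not in inbound:
            continue  # not a delivery line, or accepted without a client IP
        qid, mailer = m.groups()
        sender, ip = inbound[qid]
        claims_local = sender.rpartition("@")[2] in LOCAL_DOMAINS
        off_host = mailer not in ("local", "prog")  # local/prog deliver on this host
        trusted = any(ip in net for net in TRUSTED_NETS)
        if claims_local and off_host and not trusted:
            findings.append((qid, sender, str(ip), mailer))
    return findings

if __name__ == "__main__":
    for finding in find_spoofed_outbound(SAMPLE_LOG):
        print("local sender from untrusted client, delivered off-host:", finding)
```

A message that retries delivery produces one finding per to= line, so deduplicate on the queue ID when counting incidents.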