LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-21-2004, 01:07 PM   #1
unknownrisk
LQ Newbie
 
Registered: Nov 2003
Location: Earth
Distribution: Slackware 7.1
Posts: 2

Rep: Reputation: 0
Sendmail config: security and controlling outgoing mail


Some mail was sent through my Slackware 7.1 server, running Sendmail 8.12.10, w/ my return address, to a list I administer (on Yahoo), so slipped by as only email from me is allowed.

The two relevant lines from the maillog file are below.

Mar 20 02:23:37 xxx[20489]: i2K8NXRo020489: from=<myemailaddr@mydomain.com>, size=32471, class=0, nrcpts=1, msgid=<ojljccomqcoeqrajmkg@mymailserver.mydomain.com>, proto=SMTP, daemon=MTA, relay=adsl-63-199-102-245.dsl.lsan03.pacbell.net [63.199.102.245]

Mar 20 02:23:39 xxx[20490]: i2K8NXRo020489: to=mymailinglist@yahoogroups.com, ctladdr=<myemailaddr@mydomain.com> (1004/100), delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=62705, relay=mta4.grp.scd.yahoo.com. [66.218.66.172], dsn=2.0.0, stat=Sent (ok 1079770869 qp 62876)

My .mc file has a

FEATURE(`use_cw_file')

line, and the /etc/mail/relay-domains file has:

mydomain.com
anotherdomain.com

in it.

The spam tests that I run against the server (I tried ordb.org and spamlart) say I don't have an open relay.

It wd seem that someone (using a PacBell DSL connection) created an email with my return address, and used my email server as the SMTP host, and effectively disguised an email as if it was from me.

I would like to prevent this from happening in the future. How can that be done? I would like to allow only machines from my network, by IP address, to send out mail; but allow incoming mail from anyone to accounts on my system.

The access_db option seems to control incoming mail (that is, it blocks incoming mail), or maybe that's mainly what it is for.

Any guidance will be appreciated.

xx

If it's useful, the .mc file is below

include(`../m4/cf.m4')
VERSIONID(`@(#)mydomain.smtp.mc')dnl
OSTYPE(linux)
define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo.aliases')
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_envelope')
FEATURE(`use_cw_file')
FEATURE(`use_ct_file')
dnl FEATURE(`access_db')
define(`confCT_FILE', `/etc/mail/trusted-users')
MASQUERADE_AS(`mydomain.com')
MAILER(local)dnl
MAILER(smtp)dnl

Last edited by unknownrisk; 03-21-2004 at 01:10 PM.
 
Old 03-21-2004, 02:05 PM   #2
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
if your pop/smtp (MTA) uses tcpd, you could add entries into your /etc/hosts.allow and /etc/hosts/deny files.

I would namely add an entry in the hosts.deny file like:

ALL : 66.218.66.172

?

or to only allow outgoing smtp from your clients put in hosts.allow, I don't know how this would work with the spoofed emails though.

deamonnname : yourclientsIPs
deamonnname : yourclients IPS.



I would like to allow only machines from my network, by IP address, to send out mail; but allow incoming mail from anyone to accounts on my system.

This could prove to be hard to accomplish with host access control files.

Last edited by AutOPSY; 03-21-2004 at 02:13 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail and outgoing mail shafey Linux - Networking 1 11-16-2005 04:57 AM
Controlling mail using Sendmail Milter ronferns Linux - Software 0 11-29-2004 01:12 AM
How to separate Incoming Mail and Outgoing Mail on SENDMAIL LiloAma Linux - Networking 1 03-22-2004 02:24 AM
Sendmail : How To control outgoing mail joseph Linux - Software 0 02-16-2004 07:30 PM
sendmail outgoing mail karunesh Linux - General 0 11-17-2003 02:19 PM


All times are GMT -5. The time now is 05:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration