sendmail (security) problem
I've configured sendmail based on the howto on LQ.org by SiegeX
got it working, so I can send mail from outside of the server when I authenticate the server sends the mail as it should, this part is ok the problem begins, when in the client(thunderbird) I disable the option use username and password, and change the mail address a bit from user@host.com to user666@host.com and the server sends the mail anyway, this is not right the first thing is that it should not(i don' want it to) send mail if the user doesn't authenticate the seconf thing is, user666 user or alias doesn't even exist on the system and it also shouldn't be able to send mail through my server sure i have added only trusted IPs to RELAY, but anyway i feel it is a bit more vulnerable so is there a way to tell the server not to send mail if the user hasn't authenticated? and also tell it if the user or mail alias doesn't exist not to send it either? |
I don't know, but recommend fetchmail or qmail instead.
|
You can force authentication (there's info at http://www.sendmail.org/~ca/email/auth.html#authop), but it's not recommended unless your mail server is only being used by your users. If it's being used to receive mail from users at other domains, it won't work because they can't authenticate.
As far as I can tell the only way to do what you're talking about is to have 2 mail servers. The first would be for your users and would allow them to relay to other domains, but would require SMTP AUTH. The second is to receive mail for your domain from other domains, it would not require SMTP AUTH. |
and thats exactly what I want
only my users can use my mail server and no one else because now I can delete the IP range relaying when i specified i.e. 198.15 RELAY and only those within this IP range could relay through the server the problems began when someone of my users went abroad and couldn't send mail through it anymore |
All times are GMT -5. The time now is 02:40 AM. |