LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Configuring my sendmail to only send to certain domains (https://www.linuxquestions.org/questions/linux-general-1/configuring-my-sendmail-to-only-send-to-certain-domains-4175516320/)

laredotornado 08-25-2014 12:38 PM
Configuring my sendmail to only send to certain domains
 
Hi,

Here’s the Linux config …

Code:
[dalvarado@mymachine ~]$ uname -a
Linux qa.mydomain.com 4.2.8.9.amzn1.x86_64 #1 SMP Wed Apr 2 09:36:59 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
I’m trying to configure our sendmail (8.14.4) system to only send emails to domains ending in “@domain.com” or “@domain2.com”. I’m reading through docs and have stumbled upon this file …

Code:
sudo vim /etc/mail/access
Within the file, i see a bunch of entries like so …

Code:
Connect:localhost.localdomain          RELAY
Connect:localhost                      RELAY
Connect:127.0.0.1                      RELAY
I’m not sure how I should add in the fact that I only want to send emails to these specific domains. How do I indicate that?

Thanks, - Dave

YankeePride13 08-25-2014 12:46 PM
Relaying is rejected by default. The only messages that will be relayed through your system are by those that you specifically allow.

In your example, a message to ANY domain that originates from localhost will be allowed. But, if you tried to connect from another network to send a message, it would get rejected.

Now, if you wanted mail sent to domain example.com, for example, you could have :
Code:
To:Example.com                          RELAY
So anyone that connects to your machine to send a message to example.com would be allowed. Messages sent to other domains would be rejected.

Now keep in mind, this could open you up to backscatter. What we do to avoid that is we populate all valid e-mail accounts in the access file. So ours looks like:
Code:
To:example.com  REJECT
To:jim@example.com  RELAY
To:Sue@example.com  RELAY
...
etc.

So basically it would reject all mail to example.com except for jim, sue and anyone else I specify.

laredotornado 08-25-2014 01:20 PM
Hi,

I edited the file /etc/mail/access, and added

Code:
To:mydomain.com                          RELAY
To:mydomain2.com                        RELAY
Then I restarted sendmail using

Code:
sudo /etc/init.d/sendmail restart
However, when I was able to send an email to a "@gmail.com" domain. Is there something else I need to do to restrict the email? I use m4 to build the "sendmail.cf" file, but I didn't do that before restarting. Anything else I need to do?

YankeePride13 08-25-2014 01:22 PM
You have to re-build your access database. Something like:

Code:
makemap hash /etc/mail/access < /etc/mail/access

laredotornado 08-25-2014 01:38 PM
Hi,

So I did this ...

Code:
[dalvarado@mymachine ~]$ sudo makemap hash /etc/mail/access < /etc/mail/access
[sudo] password for dalvarado:
[dalvarado@mymachine ~]$ sudo /etc/init.d/sendmail restart
Shutting down sm-client:                                  [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                        [  OK  ]
Starting sm-client:                                        [  OK  ]
but then I was still able to send to the "@gmail.com" email. Here's my complete /etc/mail/access file ...

Code:
Connect:localhost.localdomain          RELAY
Connect:localhost                      RELAY
Connect:127.0.0.1                      RELAY
Connect:email-smtp.us-east-1.amazonaws.com RELAY
Connect:ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com RELAY
To:domain1.com                          RELAY
To:domain2.com                        RELAY

YankeePride13 08-25-2014 01:55 PM
Are you sending to gmail from the machine itself? Cause the connect lines allow you to send anything from the localhost.

EDIT

Also, if you send mail from email-smtp.us-east-1.amazonaws.com and ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com it will also allow you to send anywhere


All times are GMT -5. The time now is 10:51 AM.