LinuxQuestions.org


trist007 07-31-2010 07:24 PM

A question about sendmail...
 
Things are great, learning a lot and it works great.

So here's my situation. I have a server with a static IP that I use as a sendmail server. The problem is that port 25 is exposed. As a result, anybody can log in to the SMTP server and send mail from my domain as a user that does not exist as well as email from other non-existent domains. I'm sure there are sendmail options that I can enable to do some checks, like if the user exists on that server or if the domain is the same on the server, etc. I was wondering if you guys can mention a few that I can add to my sendmail.mc file?

I have thought about auth login, the problem is if auth login is on my public port then I won't be able to receive email from gmail because it would be unauthenticated. Also, I only have 1 mail server. I know the ideal solution is to have 2 mail servers. One for outgoing mail/internal mail server where you can enable auth login and the other for incoming mail which just acts as the relay to the internal mail server. That way spammers can't login to send mail out.

That's another question I had, how do I configure sendmail to only send email out/in?

Anyhow, so I have to make do with 1 mail server for now. So I decided to add a few rules on iptables. I grabbed the IP range that gmail uses when I receive mail from them and added it to my iptables with the following command.

Code:

iptables -A INPUT -p tcp -m iprange --src-range x.x.x.1-x.x.x.254 -j ACCEPT

I then block everything else so spammers can't even access my SMTP server.

Code:

iptables -A INPUT -p tcp -m tcp --dport 25 -j DROP

After this is done, I can receive mail from gmail just fine. However I'm not able to send mail out to gmail. I'm guessing that when I send email out to gmail, something is happening that is getting blocked by my iptables rules, which results in the email not getting to gmail. There are no bouncebacks at all. When I disable the 2nd rule that blocks all smtp traffic it works fine.

Can somebody explain exactly why the email does not reach gmail in this case? I'd like to understand exactly how sending email out works.

Could you recommend a better iptables rule to block all other smtp traffic and still allow me to send mail to gmail?

trist007 07-31-2010 08:33 PM

I was able to solve it by adding another two iptables rules to the source IP of my public network interface of the mail server and the loopback network interface of the mail server.

I would still like to know the answers to the other questions as well as other potential solutions. Especially because this solution only allows for me to receive email from gmail. I'd have to manually add an iptables rule for every other domain I'd like to receive mail from. There's got to be an easier way.

How would I make this mail server a closed relay to where I have to be on the server to be able to send mail?

Is mail relaying considered transferring mail from one network interface to another network interface (like eth0 to lo) or is it just relaying mail from one server to another?

Also what's the difference between submit.cf and sendmail.cf?

trist007 08-01-2010 12:06 PM

Ok now I finally got it. I was worried about spammers logging into my SMTP server and sending mail out to different sites, but I see now that the /etc/mail/access.db prevents other computers from sending mail out. Nice, hehe. However, spammers can still get in to my SMTP server and send me mail to users inside the server. Which is fine. I'm going to set up Spam Assassin next.
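
An added example, not part of the original thread or the poster's own code: a minimal first-match model of the INPUT chain, showing one explanation consistent with the loopback rule that fixed the problem, namely that the port 25 DROP rule also discards mail handed to the local sendmail on 127.0.0.1 port 25. The 203.0.113.x range stands in for the elided x.x.x range; the ACCEPT chain policy, the interface names and the local submission over loopback are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:
    iface: str   # interface the packet arrives on
    src: str     # source address
    dport: int   # destination TCP port

@dataclass
class Rule:
    target: str                                   # "ACCEPT" or "DROP"
    iface: Optional[str] = None                   # models -i
    src_range: Optional[Tuple[str, str]] = None   # models -m iprange --src-range
    dport: Optional[int] = None                   # models --dport

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.src_range is not None:
            lo, hi = (ipaddress.ip_address(a) for a in self.src_range)
            if not lo <= ipaddress.ip_address(p.src) <= hi:
                return False
        return True

def verdict(chain, p, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy (assumed ACCEPT)."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

# Constructed placeholder for the x.x.x.1-x.x.x.254 range in the post.
SENDER_RANGE = ("203.0.113.1", "203.0.113.254")
POSTED = [Rule("ACCEPT", src_range=SENDER_RANGE), Rule("DROP", dport=25)]
WITH_LOOPBACK = [Rule("ACCEPT", iface="lo")] + POSTED  # loopback accepted first

# Constructed packets as seen by the INPUT chain.
INBOUND_MAIL = Packet("eth0", "203.0.113.20", 25)     # whitelisted sender to port 25
OTHER_SENDER = Packet("eth0", "198.51.100.7", 25)     # any other host to port 25
LOCAL_SUBMIT = Packet("lo", "127.0.0.1", 25)          # local client to 127.0.0.1:25
REMOTE_REPLY = Packet("eth0", "198.51.100.7", 40312)  # reply sent from a remote port 25

if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("with loopback", WITH_LOOPBACK)):
        for p in (INBOUND_MAIL, OTHER_SENDER, LOCAL_SUBMIT, REMOTE_REPLY):
            print(f"{name:14} {p} -> {verdict(chain, p)}")
```

In this model the reply packets of an outbound SMTP session are never touched by the DROP rule, because their destination port is the server's ephemeral port, not 25; only the local hand-off over loopback is.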

