LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-09-2005, 09:31 AM   #1
medmedia
LQ Newbie
 
Registered: Dec 2005
Distribution: RH 2.4.21-20, RHEL ES Release 3.1
Posts: 18

Rep: Reputation: 0
sendmail problems


Hi,

I have recently been having problems with spammers relaying thru my mail server, I have followed all the security precautions to prevent relaying but somehow it is still happening, typically the emails
are addressed to a fictional name in my domain eg. prisint9862@mydomain.com from an address like investmentalert@mydomain.com. The emails are typically ccd to hundreds of aol.com emails which has not made me popular with that particular domain. Can anyone recommend how to stop this relaying? In my access file I have:

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY

How do I deny relaying by localhost etc but allow a few valid addresses to send?
Is there anything else I should do/look at ?

I am running RH 2.4.21-20, RHEL ES Release 3.1, Sendmail 8.12.11-4

thanks,
Al
 
Old 12-09-2005, 07:55 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Using Sendmail. Brave. I'll just dump some links from my thoughttracker. YMMV, auth-before-anything could help:
Sendmail AUTH using SASL: Sendmail Authentication: http://www.linux-sxs.org/internet_se...smailauth.html.
Sendmail AUTH using SSL: Configuring Sendmail's STARTTLS (SSL) and Relaying: http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
Using SMTP AUTH/STARTTLS: http://www.sendmail.org/~ca/email/st...#starttlssetup
 
Old 12-10-2005, 07:17 AM   #3
namit
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 355

Rep: Reputation: 30
what if you just install postfix? does that not do both send and recieve i have it seutp and works perfect also can track what is going on.


Do not like sendmail
 
Old 12-12-2005, 06:29 PM   #4
linuxxed
Member
 
Registered: Feb 2004
Posts: 273

Rep: Reputation: 30
Quote:
Originally Posted by medmedia
Hi,

I have recently been having problems with spammers relaying thru my mail server, I have followed all the security precautions to prevent relaying but somehow it is still happening, typically the emails
are addressed to a fictional name in my domain eg. prisint9862@mydomain.com from an address like investmentalert@mydomain.com. The emails are typically ccd to hundreds of aol.com emails which has not made me popular with that particular domain. Can anyone recommend how to stop this relaying? In my access file I have:

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY

How do I deny relaying by localhost etc but allow a few valid addresses to send?
Is there anything else I should do/look at ?

I am running RH 2.4.21-20, RHEL ES Release 3.1, Sendmail 8.12.11-4

thanks,
Al
Nothing wrong with using sendmail.

Sendmail by default does not allow relaying. To allow relaying you allow in either "access" or relay-domains file.

* If a mail is addressed to a person whose account is on the server where sendmail is running then it will be allowed by default.

* If a mail is originating from an account your server where sendmail is running then it will be allowed by default.

* If someone in xyz domain uses your sendmail to send a mail to pqr domain then it will be denied by default.

Since the email is coming to an account on your server, it is accepted by default.

Does the account investmentalert@mydomain.com exist on your server?

Look in your maillog (/var/log/maillog) and see what sendmail is doing.


Best thing to do is add authentication on your mail server. All the information is on sendmail.org. Look for SMTP AUTH. Any user who has an account on the server will need to authenticate for sending any emails.
 
Old 12-13-2005, 10:10 AM   #5
medmedia
LQ Newbie
 
Registered: Dec 2005
Distribution: RH 2.4.21-20, RHEL ES Release 3.1
Posts: 18

Original Poster
Rep: Reputation: 0
thanks for that, I will look at adding smtp auth.
I am receiving emails from 'any random prefix'@mydomain.com so it can't be a rogue account.
 
Old 12-20-2005, 10:30 PM   #6
fhleung
Member
 
Registered: Aug 2004
Distribution: Lubuntu Live OS
Posts: 432

Rep: Reputation: 30
I can send mail but not receive using sendmail


I define(`SMART_HOST',`mail.myISP.com') to let my ISP mail server to handle mails.

This is my maillog (/var/log/maillog) and see what sendmail is doing.
Code:
Dec 21 10:38:05 www sendmail[11660]: jBLFbqnE011658: to=<user1@mydomain.com>, delay=00:00:07, xdelay=00:00:06, maile
r=esmtp, pri=30756, relay=mail.myISP.com. [144.140.80.10], dsn=2.0.0, stat=Sent (Message received: 20051220234158.L
OJN14751.omta05ps.mx.myISP.com@www.mydomain.com)
Dec 21 10:38:05 www imapd[11664]: imap service init from 127.0.0.1
Dec 21 10:38:05 www imapd[11664]: Login user=user1 host=localhost.localdomain [127.0.0.1]
Dec 21 10:38:06 www imapd[11664]: Logout user=user1 host=localhost.localdomain [127.0.0.1]

Please point out the problems. Thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sendmail problems ghead Linux - Software 1 03-03-2005 05:44 PM
Sendmail Problems to3t3r *BSD 2 11-21-2004 11:50 PM
Problems with sendmail... @ngelot Linux - Software 4 11-17-2004 04:06 AM
Problems with sendmail... @ngelot Linux - Newbie 3 11-16-2004 12:14 PM
SendMail Problems alksys7 Linux - Software 2 04-14-2004 04:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration