12-09-2005, 08:31 AM
|
#1
|
LQ Newbie
Registered: Dec 2005
Distribution: RH 2.4.21-20, RHEL ES Release 3.1
Posts: 18
Rep:
|
sendmail problems
Hi,
I have recently been having problems with spammers relaying thru my mail server. I have followed all the security precautions to prevent relaying but somehow it is still happening. Typically the emails are addressed to a fictional name in my domain, e.g. prisint9862@mydomain.com, from an address like investmentalert@mydomain.com. The emails are typically cc'd to hundreds of aol.com emails, which has not made me popular with that particular domain. Can anyone recommend how to stop this relaying? In my access file I have:
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
How do I deny relaying by localhost etc but allow a few valid addresses to send?
Is there anything else I should do/look at ?
I am running RH 2.4.21-20, RHEL ES Release 3.1, Sendmail 8.12.11-4
thanks,
Al
|
|
|
12-10-2005, 06:17 AM
|
#3
|
Member
Registered: Aug 2005
Distribution: Debian
Posts: 355
Rep:
|
What if you just install postfix? Does that not do both send and receive? I have it set up and it works perfectly, and I can also track what is going on.
Do not like sendmail.
|
|
|
12-12-2005, 05:29 PM
|
#4
|
Member
Registered: Feb 2004
Posts: 273
Rep:
|
Quote:
Originally Posted by medmedia
Hi,
I have recently been having problems with spammers relaying thru my mail server. I have followed all the security precautions to prevent relaying but somehow it is still happening. Typically the emails are addressed to a fictional name in my domain, e.g. prisint9862@mydomain.com, from an address like investmentalert@mydomain.com. The emails are typically cc'd to hundreds of aol.com emails, which has not made me popular with that particular domain. Can anyone recommend how to stop this relaying? In my access file I have:
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
How do I deny relaying by localhost etc but allow a few valid addresses to send?
Is there anything else I should do/look at ?
I am running RH 2.4.21-20, RHEL ES Release 3.1, Sendmail 8.12.11-4
thanks,
Al
|
Nothing wrong with using sendmail.
Sendmail by default does not allow relaying. To allow relaying, you allow it in either the "access" or the relay-domains file.
* If a mail is addressed to a person whose account is on the server where sendmail is running then it will be allowed by default.
* If a mail is originating from an account on your server where sendmail is running then it will be allowed by default.
* If someone in xyz domain uses your sendmail to send a mail to pqr domain then it will be denied by default.
Since the email is coming to an account on your server, it is accepted by default.
Does the account investmentalert@mydomain.com exist on your server?
Look in your maillog (/var/log/maillog) and see what sendmail is doing.
Best thing to do is add authentication on your mail server. All the information is on sendmail.org. Look for SMTP AUTH. Any user who has an account on the server will need to authenticate for sending any emails.
|
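As an added example (not code from any poster in this thread), the maillog check suggested in post #4 can be scripted. The Python below pairs each message's `from=` line, whose `relay=` field records the connecting client, with its `to=` lines by queue ID, and reports mail delivered to non-local domains, separating remote clients from localhost submissions. The log lines, the local domain `mydomain.com`, the trusted IP list and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample maillog lines in sendmail's log format (not from the thread).
SAMPLE_LOG = """\
Dec 12 03:14:07 mail sendmail[2211]: jBC8E7nE002211: from=<investmentalert@mydomain.com>, size=2048, class=0, nrcpts=2, msgid=<1@x>, proto=SMTP, daemon=MTA, relay=[203.0.113.45]
Dec 12 03:14:09 mail sendmail[2213]: jBC8E7nE002211: to=<a1@aol.com>,<a2@aol.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30756, relay=mx.aol.com. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
Dec 12 03:20:00 mail sendmail[2300]: jBC8K0nE002300: from=<bob@example.net>, size=900, class=0, nrcpts=1, msgid=<2@x>, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Dec 12 03:20:01 mail sendmail[2301]: jBC8K0nE002300: to=<al@mydomain.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30400, dsn=2.0.0, stat=Sent
Dec 12 03:25:00 mail sendmail[2400]: jBC8P0nE002400: from=<apache@mydomain.com>, size=700, class=0, nrcpts=1, msgid=<3@x>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Dec 12 03:25:02 mail sendmail[2402]: jBC8P0nE002400: to=<c@aol.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30700, relay=mx.aol.com. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
RELAY_IP = re.compile(r"relay=[^,]*?\[([\d.]+)\]")

def outbound_by_source(log, local_domains, trusted_ips=("127.0.0.1",)):
    """Return (queue_id, source, verdict, external_rcpts) for mail sent off-site."""
    msgs = defaultdict(lambda: {"src": None, "ext": 0})
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, kind, rest = m.groups()
        if kind == "from":
            ip = RELAY_IP.search(rest)      # absent for command-line submissions
            if ip:
                msgs[qid]["src"] = ip.group(1)
        elif "stat=Sent" in rest:
            # The recipient list ends at the first ", key=" field (delay=, ctladdr=, ...).
            rcpts = re.split(r",\s+\w+=", rest, maxsplit=1)[0].split(",")
            msgs[qid]["ext"] += sum(
                "@" in r and r.strip("<> ").rpartition("@")[2].lower() not in local_domains
                for r in rcpts)
    report = []
    for qid, info in msgs.items():
        if info["ext"]:                     # skip mail that only went to local users
            trusted = info["src"] is None or info["src"] in trusted_ips
            verdict = "local/trusted submission" if trusted else "remote client relayed"
            report.append((qid, info["src"] or "local", verdict, info["ext"]))
    return report

if __name__ == "__main__":
    for row in outbound_by_source(SAMPLE_LOG, {"mydomain.com"}):
        print(row)
```

A "remote client relayed" row means an outside host was allowed to send to an outside domain; a "local/trusted submission" row means the mail entered through an address the access file marks RELAY, such as localhost.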
|
|
12-13-2005, 09:10 AM
|
#5
|
LQ Newbie
Registered: Dec 2005
Distribution: RH 2.4.21-20, RHEL ES Release 3.1
Posts: 18
Original Poster
Rep:
|
thanks for that, I will look at adding smtp auth.
I am receiving emails from 'any random prefix'@mydomain.com so it can't be a rogue account.
|
|
|
12-20-2005, 09:30 PM
|
#6
|
Member
Registered: Aug 2004
Distribution: Lubuntu Live OS
Posts: 432
Rep:
|
I can send mail but not receive using sendmail.
I define(`SMART_HOST',`mail.myISP.com') to let my ISP's mail server handle mail.
This is my maillog (/var/log/maillog) and see what sendmail is doing.
Code:
Dec 21 10:38:05 www sendmail[11660]: jBLFbqnE011658: to=<user1@mydomain.com>, delay=00:00:07, xdelay=00:00:06, mailer=esmtp, pri=30756, relay=mail.myISP.com. [144.140.80.10], dsn=2.0.0, stat=Sent (Message received: 20051220234158.LOJN14751.omta05ps.mx.myISP.com@www.mydomain.com)
Dec 21 10:38:05 www imapd[11664]: imap service init from 127.0.0.1
Dec 21 10:38:05 www imapd[11664]: Login user=user1 host=localhost.localdomain [127.0.0.1]
Dec 21 10:38:06 www imapd[11664]: Logout user=user1 host=localhost.localdomain [127.0.0.1]
Please point out the problems. Thank you.
|
|
|