Help needed to permanently block access to my email server from japan
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Help needed to permanently block access to my email server from japan
I run my own home server using OpenSuse 11.1, everything is setup using apache, php, etc etc, and it all works perfect, but now I need to use my own email server for the use of Dolphin social networking software, so that when someone registers, the email server sends out registration confirmation emails, so I set up postfix, yeah right!!!, even though I followed all instructions to set postfix as a closed relay, a test done at mxtoolbox site still said it was an open relay, but while I was trying to set up postfix, my access to the server slowed down, and my servers drive light was constantly active,,, so when I look at the mail queue, I saw 4000+ emails, all from japan, (hinen.net), so I promptly shut down postfix and use postsuper -d ALL in the command console to delete the queue, but no matter how I try, I couldn't configure postfix as a closed relay,,, so I uninstalled it and installed sendmail, and using webmin, I could use a spam list and block the domain, now, sendmail's test at mxtools show as a closed relay, I can't even send out a test email using smtp auth, but disabling auth, I can, but now my IP is blocked at spam cop, and spamhaus,,, gmail server say my IP is not authorized to send to their servers, but to use my ISP relay instead,,, but my ISP doesn't have a relay,,hence the need to run my own email server.
My home server uses double layer firewall, a hardware firewall between the internet and the server, and a software firewall on the server, and I only allow the ports I need, IE, 80 = http, 443 = https, 20/21 = ftp, 25 = smtp, 110 = pop3. and that's all, but any other internal access from my workstation to the server, using ssh, I only open the ports on the server firewall.
If someone here has a great deal of knowledge on sendmail, and can set up a an M4 (linux.mc) config file for me, it would be much appreciated.
What I would like my email server to do, is to only allow the sending of emails from inside it's own server system,, ie, when a php script sends an email to the server, then the email server would let it through, but anything else, outside the local network is ignored.
What I would like my email server to do, is to only allow the sending of emails from inside it's own server system,, ie, when a php script sends an email to the server, then the email server would let it through, but anything else, outside the local network is ignored.
You can use the accessdb to restrict relay only to localhost and your LAN. Create or edit /etc/mail/access to look like this:
Code:
127.0.0.1 RELAY
192.168.0 RELAY
assuming that your LAN is 192.168.0.0/24.
After that run:
Code:
makemap hash /etc/mail/access < /etc/mail/access
to rebuild the access database.
BTW, you can check if your mailserver is an open relay, here
I can, but now my IP is blocked at spam cop, and spamhaus,,, gmail server say my IP is not authorized to send to their servers, but to use my ISP relay instead,,, but my ISP doesn't have a relay,,hence the need to run my own email server.
You can unblock your IP on their sites.
For gmail, do you have a fixed ip?
Most smtp servers won't allow mail from a dynamic IP.
You also need to setup reverse dns for the mailserver.
gmail, do you have a fixed ip?
Most smtp severs won't allow mail from a dynamic IP.
You also need to setup reverse dns for the mailserver.
Unfortunately I use a dynamic IP address via dyndns.org, but my domain name I got from godaddy, and using their DNS records I forward the CName WWW to my dyndns name, thus instead of http://name.dyndns.??? the browser would use www.domainname.???, but I'm not familiar with setting up or editing a DNS MX records, or reverse DNS records, I only know about A and CNames.
Well, trying to follow: http://www.phinesolutions.com/sendma...lay-howto.html seems to only apply to CentOS, the mc file is completely different, so if anyone wants to have a go at re-writing my linux.mc file, to use gmails smtp server, I have attached it as a text file.
It looks like a good idea to use my gmail account for an smtp relay, but what's needed are the exact 1,2,3 step instructions for OpenSuse not CentOS.
the other 2 files, I can create myself, because they would contain my gmail login information.
Before anyone asks,,,, yes I have SASL, DIGEST-MD5 CRAM-MD5 LOGIN PLAIN, all enabled and available.
I also created a self signed cert in the /etc/mail/certs location,, called sendmail.pem
It would be much appreciated if someone could mod the linux.mc file,,,, then I can just paste it into the M4 config via webmin, and recompile it myself.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.