Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 01-06-2009, 07:27 PM   #1
LQ Newbie
Registered: Jan 2009
Posts: 1

Rep: Reputation: 0
Sendmail : Control who is allowed to send to my server

I am hoping that someone can help me figure this out. I am sure there is a simple solution out there --- but I am coming up with nothing. Apparently my brain has not made its way out of "holiday mode".

Lets say I have a sendmail server with port 25 wide open. Relaying is controlled via access.db so that only a few subnets are allowed to relay through the server. So --- the server is not acting as a spam relay (good thig, of course). Users have a need to be able to send through this server from off-site --- so the server requires SMTP AUTH via TLS for anyone not in the access.db relay list. The server has the lowest priority on the MX records because there are several spam filtering servers in front of it, but the server itself does not do any spam processing. This server is the final destination of mail for this network --- it is the one with all of the users accounts, the one accepting POPS/IMAPS connections, etc.

The problem is that a spammer can obviously ignore the MX records (as they often do) and send mail straight to the server with the lowest priority (which happens to be the mail server in question). The server stops spammers from using it as a relay, but spam destined for users on the server itself would be accepted. Mail that is destined for users on the server would obviously not be denied by means of relaying control. So, users are getting spam with a spoofed sender address -- often their own address or the address of another user on the system. Short of adding spam processing to this server .... what can I do to stop this? I basically just want to tell the server to only accept delivery of mail from a certain set of addresses (those in the relay list and the spam processing servers ahead of it in the MX records) and those that have SMTP AUTH'd. Any ideas? I was able to google how to do this on other MTAs ... just not sendmail.

As a note : I have asked this question in other places ... and two things were suggested. The first was removing this server from the MX records entirely. Unfortunately, this would not do any good as the server is already known by spammers. Also --- it has been suggested that I just put a host based firewall entry to deny all connections on port 25 except for those originating from the spam processing servers and those that I wish to be allowed to relay. This would not be acceptable as I need external users to be able to send through this server (using SMTP AUTH).

Thanks in advance for any help!
Old 01-07-2009, 11:52 AM   #2
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 164Reputation: 164
Why not have the users send mail through the spam filtering devices and let nothing but the spam filtering devices connect to the end destination?

Your end point needs whatever means the users use to get the mail to be accessible, eg: pop3, imap, webmail, or whatever... but it doesn't need to handle incoming emails at all either from the users or from outside (it shouldn't be an mx.)

You can even do remote smtp authorization from most spam firewall devices (barracuda comes to mind) and even custom setups could do it to verify an account exists before accepting the message.

If there is a way to fully bypass all the spam filters you negate the value of said filters.

Last edited by rweaver; 01-07-2009 at 11:56 AM.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Moved server to new ISP, now sendmail won't send BigFunkyChief Linux - Server 6 12-01-2007 09:23 AM
sendmail can't send to my smtp-server boggiTBU Linux - Server 1 09-03-2007 05:22 AM
how to send all mail through isp server with sendmail or? dlm4444 Linux - Wireless Networking 1 07-06-2005 04:07 PM
Can't send email outside my server with sendmail rocketman3245 Mandriva 1 07-28-2004 10:01 PM
I cannot send mail using Outlook and sendmail server? tthai01 Linux - Networking 2 02-12-2003 08:59 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:35 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration