Hi,
Have been digging into this for what seems like an age now and no matter what I try, do not seem to be able to find a solution to combat my following problem.
Basically, I have a server set up with sendmail 8.12.11 that is used for backup MX relaying of mail in the event that the higher priority mail server is offline, and all works great: in such a failure event, mail dutifully arrives on the backup MX server and is retained/spooled, and when the primary one comes back online, it is all then delivered on - great.
Problem I have found is that spammers can use this backup MX also by listing the valid domain name in the email address of the email being sent along with all of the other email addresses that are external and nothing to do with any domain listed in the access and mailertable files - and they are dutifully (ahhhhh) sent on it would appear.
In my access file I have along the lines of:
mydomain.tld RELAY # for each domain
and in my mailertable file I have along the lines of:
mydomain.tld esmtp:[mail.mydomain.tld]
.mydomain.tld esmtp:[mail.mydomain.tld]
Now I cannot hide the MX record in DNS, as then it will not be accessible for mail to fail over onto. I need to enable RELAY in access for the proper domain for it to retain/spool and deliver mail on in the event of primary mail server failure, and I need to ensure the mailertable is as per the above to ensure it gets to the main mail server when sending on.
Anyone any ideas please on what 'I am obviously' missing here to prevent such an abuse being possible please.
At present I have had to stop the backup MX for obvious reasons of it being open to this kind of abuse, so I really need to work out what I am missing or have done wrong, as no doubt this is a total idiot (me) mistake I would guess.
Any input gratefully received.
Mac
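
Added example, not part of the original post: one way to confirm from the backup MX's mail log which queued messages were actually handed on to recipients outside the mailertable domains. The log lines are constructed in the usual sendmail `to=` delivery format, and `MAILERTABLE`, `SAMPLE_LOG` and the function names are assumptions made for the illustration.

```python
import re

# Assumption: the domains the backup MX should forward for, copied from the
# mailertable keys in the post. A leading dot matches any subdomain.
MAILERTABLE = ["mydomain.tld", ".mydomain.tld"]

# Constructed sendmail-style log lines for illustration (not from a real host).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx2 sendmail[2101]: i0A3C1aa002101: from=<a@spam.example>, size=2048, nrcpts=3, proto=SMTP, relay=[192.0.2.50]
Jan 10 03:12:02 mx2 sendmail[2103]: i0A3C1aa002101: to=<user@mydomain.tld>, delay=00:00:01, mailer=esmtp, relay=mail.mydomain.tld. [198.51.100.10], dsn=4.0.0, stat=Deferred: Connection refused by mail.mydomain.tld.
Jan 10 03:12:03 mx2 sendmail[2103]: i0A3C1aa002101: to=<x@other.example>,<y@other.example>, delay=00:00:02, mailer=esmtp, relay=mx.other.example. [203.0.113.7], dsn=2.0.0, stat=Sent (ok)
Jan 10 03:15:40 mx2 sendmail[2110]: i0A3FdBB002110: to=<info@sales.mydomain.tld>, delay=00:00:01, mailer=esmtp, relay=mail.mydomain.tld. [198.51.100.10], dsn=2.0.0, stat=Sent (ok)
"""

# Queue id, the comma-separated recipient list, and the first word of stat=.
TO_LINE = re.compile(r"sendmail\[\d+\]: (\w+): to=(\S+), .*\bstat=(\w+)")
ADDRESS = re.compile(r"[^<>,\s]+@[^<>,\s]+")


def in_mailertable(domain, table=MAILERTABLE):
    """True if the recipient domain matches a mailertable key."""
    domain = domain.lower().rstrip(".")
    for key in (k.lower() for k in table):
        if key.startswith("."):
            if domain.endswith(key):   # ".mydomain.tld" covers subdomains only
                return True
        elif domain == key:            # bare key is an exact match
            return True
    return False


def off_table_deliveries(log_text, table=MAILERTABLE):
    """Map queue id -> recipients sent or queued for domains not in the table."""
    hits = {}
    for line in log_text.splitlines():
        m = TO_LINE.search(line)
        if not m or m.group(3) not in ("Sent", "Deferred"):
            continue
        for addr in ADDRESS.findall(m.group(2)):
            if not in_mailertable(addr.rsplit("@", 1)[1], table):
                hits.setdefault(m.group(1), []).append(addr)
    return hits


if __name__ == "__main__":
    for qid, rcpts in off_table_deliveries(SAMPLE_LOG).items():
        print(qid, "delivered outside mailertable:", ", ".join(rcpts))
```

An empty result after a relay test means every accepted recipient belonged to a mailertable domain; any queue id listed is a message the host forwarded for someone else.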