[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Relaying with sendmail 8.8.7

To: ILUG Chennai <ilugc@xxxxxxxxxxxxxxxxxx>
Subject: Re: Relaying with sendmail 8.8.7
From: Oommen Thomas <oommen@xxxxxxxxxxxxxxxxx>
Date: Wed, 13 Dec 2000 00:52:11 -0500 (EST)
Delivered-to: ilug-c-archive@lists.linux-india.org
In-reply-to: <Pine.LNX.3.93.1001213084325.3888A-100000@aero.aero.iitm.ernet.in>
Reply-to: ilugc@xxxxxxxxxxxxxxxxxx
Sender: ilugc-bounce@xxxxxxxxxxxxxxxxxx


Hi Sriram,

Iam attaching a posting I came across in deja after sending my mail to
ILUGC.

Is this OK?
What I need is to deny relaying for some known spammers.

Will the following lines serve that purpose?

F{DeniedIP} -o /etc/mail/DeniedIP
F{DeniedNames} -o /etc/mail/DeniedNames  

-
Thanks
Oommen


On Wed, 13 Dec 2000, Dr. P. Sriram wrote:

> 
> On Tue, 12 Dec 2000, Oommen Thomas wrote:
> > How to allow/deny relaying in 8.8.7 sendmail?
> > Is this possible or do I have to upgrade to newer version?
> 
> relay allow/deny capabilities are present in 8.8.7; however, versions
> below 8.9.3 or so can be defeated using special forms of addresses and are
> thus open for spamming. if spam defeating is not of major concern and you
> simply want to be able to provide controlled realying, 8.8.7 will do fine. 
> this might be the situation with dial-up or low speed (isdn type) leased
> line connects. there are three lines in the sendmail.cf file that begin
> F{LocalIP}, F(LocalNames} and F{RelayTo}; these lines contain names of
> files that contain the relavant data (as one can guess). the first two are
> for outward relaying of mail - any mail FROM machines with ip addresses
> and domain names in these files will be realyed out (and this has nothing
> to do with what is the from address of the sender or where the mail is
> headed). the third entry is for inbound mail - mail from anywhere TO the
> mail destinations referred to in the appropriate file will be accepted. 
> sendmail 8.9.3 and later support more sophisticated access controls -
> through a Kaccess entry in the sendmail.cf file. 
> 
> sriram g()
> 
> ---
> Visit our home page at: www.chennailug.org
> Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
> in either the subject or the body to unsubscribe from this list.
> 

-- 
Regards,					Tranquilmoney.com
Oommen						65, Broadway, Suite 824
						New York, NY 10006
						Phone: 212-402-5383 x 1782


-- Listar MIME Decryption --------------
-- Name   : 0020.txt
-- Decode : BASE64


                            Re: Unwanted relay use
                                       
   Dennis Boylan (dennis@xxxxxxxxxxxxx)
   Fri, 1 Aug 1997 11:04:26 -0400
   
     * Messages sorted by: [ date ][ thread ][ subject ][ author ]
     * Next message: Kevin K. Sochacki: "Re: Samba netbios name"
     * Previous message: Fyodor Yarochkin: "Re: Samba. hate windoze.."
     _________________________________________________________________
   
   wladams@xxxxxxxxxxxxxxxxx writes:
   > 
   > 
   > On Thu, 31 Jul 1997, Duncan Hill wrote:
   > 
   > > On Thu, 31 Jul 1997, David Beitler wrote:
   > > 
   > > > sendmail[15761]: OAA15761:
   from=<CommNOW_Robot@xxxxxxxxxxx>,size=4550,
   > > > class=0, pri=34550, nrcpts=1,
   msgid=<2400845823.1896353@xxxxxxxxxxx>,
   > > > proto=ESMTP, relay=macromac.commnow.com [157.151.203.4] 
   > > 
   > > Ok, as I remember, www.sendmail.org has a sendmail solution to
   this.
   > > The other solution I have seen is to use hosts.deny to deny his IP
   > > access to your mail server port.
   > 
   > also don't forget this works only if sendmail is libwrapped
   > or fronted by tcpd.
   This is not true, you can do the same thing with the check_relay rule,
   if your sendmail is 8.8.
   
   Here is an example linux.mc file to generate everything. It does not
   require that any of the files exist, but if they do, it will use them.
   You just need to put the ip or domain name in the Denied files. I like
   generating all of the cyberpromo domains and putting them in the
   denied
   files. It does not have the 8.8.6 database files for check_relay, but
   it is on my list.
   
   VERSIONID(`LAN configuration with kitchen sink')
   OSTYPE(linux)
   define(`ALIAS_FILE',`/etc/mail/aliases')
   define(`confMATCH_GEOS',False)
   define(`confUNSAFE_GROUP_WRITES',True)
   define(`confCW_FILE',` -o /etc/mail/sendmail.cw')
   FEATURE(use_cw_file)
   FEATURE(nouucp)
   FEATURE(always_add_domain)
   FEATURE(genericstable, `hash -o /etc/mail/genericstable')
   FEATURE(mailertable, `hash -o /etc/mail/mailertable')
   FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
   FEATURE(domaintable, `hash -o /etc/mail/domaintable')
   MAILER(local)
   MAILER(smtp)
   define(`SPAMMASTER',`dennis@xxxxxxx')
   LOCAL_CONFIG
   F{DeniedIP} -o /etc/mail/DeniedIP
   F{DeniedNames} -o /etc/mail/DeniedNames
   F{RelayFrom} -o /etc/mail/RelayFrom
   F{RelayIP} -o /etc/mail/RelayIP
   F{mxholder} -o /etc/mail/mxholder
   Kforwards hash -o /etc/mail/forwards
   Kspammers hash -o /etc/mail/spammers
   LOCAL_RULESETS
   # Wraper like rule (Can't use maps until 8.8.6 of sendmail)
   Scheck_relay
   R$+ $| $={DeniedIP}$* $#error $@ 5.7.1 $: "no access from your IP
   address"
   R$*$={DeniedNames} $| $* $#error $@ 5.7.1 $: "no access from your
   host"
   
   Scheck_mail
   # check for valid domain name (incompatible with DeliveryMode=defer)
   R$* $: <?> $>3 $1 make domain canonical
   R<?> $* < @ $+ . > $: <OK> tag resolved names
   R<?> $* < @ $+ > $#error $: 451 Domain must resolve
   
   # check relay against spammers database
   R$* $: $(spammers $&{client_name} $: OK $)
   ROK $@ OK
   R$+ $#error $@ 5.7.1 $: "571 Relay denied bu rule Contact SPAMMASTER"
   
   # Stomp on relayers
   Scheck_rcpt
   # Process To
   R$+ $: <$(forwards $1 $)>
   R<FORWARD> $@ ok
   R<DISABLE> $#error $@ 5.7.1 $: "571 Receipient is disabled"
   R$+ $: $>3 $1
   R$+ $: $(dequote $1 $)
   R$- $@ ok to here
   R$*%$*<@$=w> $#error $@ 5.7.1 $: "571 Relay denied by rule Contact
   SPAMMASTER"
   R$*%$*<@$=w.> $#error $@ 5.7.1 $: "571 Relay denied by rule Contact
   SPAMMASTER"
   R$*<@$=w.> $@ ok to here
   R$*<@$={mxholder}.> $@ ok to here
   R$+<@$+.> $: <$(forwards $1@$2 $)>
   R<FORWARD> $@ ok
   R<DISABLE> $#error $@ 5.7.1 $: "571 Receipient is disabled"
   # Process From
   R$* $: $>3 $(dequote "" $&f $)
   R$- $@ ok from here
   R$+<@$*$=w.> $@ ok from here
   R$+<@$*$={RelayFrom}.> $@ ok Domain we will relay for
   R$* $: $(dequote "" $&{client_addr} $)
   R0 $@ ok client_addr is 0 for -bs
   R$={RelayIP}$* $@ ok An address that is friendly
   R$* $#error $@ 5.7.1 $: "571 Relay denied by rule Contact SPAMMASTER"
   
   > 
   > bill
   >
   Dennis Boylan
   dennis@xxxxxxx
     _________________________________________________________________
   
     * Next message: Kevin K. Sochacki: "Re: Samba netbios name"
     * Previous message: Fyodor Yarochkin: "Re: Samba. hate windoze.."

---
Visit our home page at: www.chennailug.org
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.

References:
- Re: Relaying with sendmail 8.8.7
  - From: Dr. P. Sriram

Prev by Subject: Re: Relaying with sendmail 8.8.7
Next by Subject: Re: Reqd: RedHat 6.2/7.0 CDs ...
Previous by thread: Re: Relaying with sendmail 8.8.7
Next by thread: Linux on P4
Index(es):
- Subject
- Thread