[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] Relaying denied

To: linux-india@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [LI] Relaying denied
From: Suresh Ramasubramanian <r.suresh@xxxxxxxxxxxxxxx>
Date: Fri, 14 Jan 2000 15:23:10 +0530 (IST)
Cc: Atul Chitnis <achitnis@xxxxxxxxxxx>, Jiju Thomas Mathew <digitelnet@xxxxxxxx>
In-reply-to: <200001140436.UAA14002@www.aunet.org>
Reply-to: linux-india
Sender: owner-linux-india@xxxxxxxxxxxxxxxxxxxxx

Thus spake Jiju Thomas Mathew

> >  The message could not be sent, Relaying denied, Port 25 
> >  secure(SSC) No, Server Error; 550, Error No. 0x800CCC79.

> by default linux distributions use sendmail as the Mail 
> Transport Agent, and initial setup is for relay: none.
> by tweakng the sendmail.cf you could achieve the requirement,

Sendmail WILL relay without any tweaking for a local user / someone
logged in on your LAN. I don't understand what the problem is.  If a
remote user, then set up the check_rcpt tables properly (with IP addresses
specified rather than FQDNs as these can be spoofed)

> But sendmail which comes with RH 6.1 (as well as older) has a 
> spam security problem, so it is

Pardon??? RH 6.1 ships with sendmail 8.9.3 which IS secure.  RH 6 shipped
with 8.9.3 but generated slightly faulty check_rcpt tables.  RH 6.1 does
not have this problem.

See http://www.sendmail.org/tips/relaying.html for more information on how
to configure sendmail.

> advisable to switch to
> qmail, which has far more features and facilities.

Oh hell, don't start the sendmail v/s qmail debate now :(  Sendmail is
perfectly ok, as a matter of fact.

Thus spake Atul Chitnis:

> Not true. RHL 6.1's sendmail by default turns off *all* relaying (which is
> what spamsters need to do their work). in fact, this "relaying denied" has
> been a "problem" to users since RHL 5.1 when spam controls were
> introduced.

They are necessary - and you can easily set up what ips / hosts can relay
through your smtp server.

If this is not constant - you have an alternative - POP before SMTP
authentication (user must check mail with a valid pop account b4 sending
mail - like mail.satyam.net.in)

> Qmail may have *some* good features, but it is *postfix* that will
> eventually replace sendmail in the future.

Another one :(  Now doubtless someone will come in with PMDF / Post.Office
etc etc as HIS pet MTA of the future.  Any MTA gets old, and
vulnerablities are discovered.  

These are promptly fixed in upgrades anyway - whether it be qmail /
postfix or whatever.  So, retaining an old / misconfigured version of an
MTA and cribbing that it is insecure is not too OK :)

-- 
Suresh Ramasubramanian     | CAUCE India
r.suresh@xxxxxxxxxxxxxxx   | suresh@xxxxxxxxxxxxxxx
http://www.india.cauce.org | Stopping Spam In India

Real Users are afraid they'll break the machine -- 
but they're never afraid to break your face.

--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.

Prev by Subject: Re: [LI] registering web site on search engines
Next by Subject: [LI] Relinking the Kernel
Previous by thread: Re: [LI] Fetchmail Multiple copies
Next by thread: [LI] Telnet and scripts
Index(es):
- Subject
- Thread