I'm an open relay and I can't stop

Les Mikesell lesmikesell at gmail.com
Sat Nov 5 16:52:02 UTC 2005


On Sat, 2005-11-05 at 09:45, Raymond Norton wrote:
> I am running a server with Fedora Core 1, using sendmail-8.12.10-1.1.1. We
> added proxsmtp to one of our firewalls, so it intercepts mail before
> sending it on to the mail server. Unfortunately, the box is acting as a
> relay server now, even though it is set up properly. We are running a
> 192.168.0, class C internally. I have to add the network in
> /etc/mail/access, or users get relaying not allowed messages, but this
> allows the proxsmtp box to act as a relay. Is there a way to prevent this, but
> still allow local users to send mail through the server?

Can you configure the firewall to port-forward port 25 to your
FC box instead of proxying (i.e. NAT the destination but not
the source address)?  That will let sendmail see the real
source address and apply your access list rules.  If not,
you may be able to add the firewall address in the access
rules as OK and the network as RELAY (not sure if a
more specific match wins but it should).

Another approach is to require SMTP authentication to relay.
This takes more setup but most current mail clients support
it and it will allow your users to send mail even if they
connect from the internet side as with a roaming laptop
or cell phone that supports internet email.

-- 
   Les Mikesell
     lesmikesell at gmail.com
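
Added example, not part of the original message and not sendmail's own code: a small Python model of how an access-map lookup by client address treats a host entry next to a network entry. It assumes sendmail tries the full address first and then drops trailing octets, using the first entry found, and that only RELAY (not OK) grants relaying; 192.168.0.1 is a placeholder for the firewall address, which the thread does not give.

```python
# Model of an access-map lookup for a client IPv4 address (added example).
# Assumption: the full address is tried first, then trailing octets are
# dropped one at a time, and the first entry found is used.

# Constructed /etc/mail/access content; 192.168.0.1 is a placeholder
# for the proxsmtp firewall's address.
ACCESS_TEXT = """\
# proxsmtp firewall: accept mail from it, but do not relay for it
192.168.0.1     OK
# internal class C: allowed to relay
192.168.0       RELAY
"""

def parse_access(text):
    """Parse 'key value' lines into a dict, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table

def lookup_client(table, ip):
    """Return (matched_key, value) for the most specific entry, or (None, None)."""
    octets = ip.split(".")
    while octets:
        prefix = ".".join(octets)
        if prefix in table:
            return prefix, table[prefix]
        octets.pop()  # fall back to the next shorter prefix
    return None, None

def may_relay(table, ip):
    """Only a RELAY result grants relaying by client address; OK does not."""
    _, value = lookup_client(table, ip)
    return value == "RELAY"

if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    # Constructed clients: the firewall, an internal workstation, an outside host.
    for ip in ("192.168.0.1", "192.168.0.57", "203.0.113.9"):
        verdict = "relay" if may_relay(table, ip) else "no relay"
        print(ip, lookup_client(table, ip), verdict)
```

After editing the real file, the map has to be rebuilt (for example with `makemap hash /etc/mail/access < /etc/mail/access`), and an open-relay test from an outside address confirms the result.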




