[OT] Sendmail: Open relay was tested as closed but...
Alexander Dalloz
ad+lists at uni-x.org
Mon Apr 21 14:10:07 UTC 2014
On 21.04.2014 09:12, Dan Thurman wrote:
> On 04/20/2014 02:00 PM, Dan Thurman wrote:
>> I have F8 and F18. F8 is not affected by HB and F18 is HB
>> fixed (recompiled) and certificates regenerated. Both Fedora
>> versions have the same "open-relay" issues and both have
>> similar or nearly identical sendmail.mc configurations.
You are seriously running 2 obsolete Fedora releases as MTAs exposed to
the public net? Set up security-patched platforms for public hosts.
>> Here is my sendmail.mc file and
>> let me know if there is a problem?:
>>
>> <snip!>
>>
>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> Drop 1 below:
>> DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
> Add 2 below:
> DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> So far, the spamming stopped...
Your changes are random and do not explain why spammers were/are able to
misuse your Sendmail.
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
and
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
are equal. There is no functional difference. And offering the
additional daemon on the submission port and enforcing authentication
for that service just adds a function and does not fix anything
previously configured.
In fact using submission on port 587 with STARTTLS is the right thing
instead of the obsoleted SMTPS on port 465.
Alexander