[OT] Sendmail: Open relay was tested as closed but...

Dan Thurman dant at cdkkt.com
Mon Apr 21 17:11:59 UTC 2014


On 04/21/2014 07:10 AM, Alexander Dalloz wrote:
> On 21.04.2014 09:12, Dan Thurman wrote:
>> On 04/20/2014 02:00 PM, Dan Thurman wrote:
>
>>> I have F8 and F18. F8 is not affected by HB and F18 is HB
>>> fixed (recompiled) and certificates regenerated. Both Fedora
>>> versions have the same "open-relay" issues and both have
>>> similar or nearly identical sendmail.mc configurations.
>
> You are seriously running 2 obsolete Fedora releases as MTAs exposed 
> to the public net? Set up security-patched platforms for public hosts.
ok.
>
>>> Here is my sendmail.mc file and
>>> let me know if there is a problem?:
>>>
>>> <snip!>
>>>
>>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>> Drop 1 below:
>>> DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
>> Add 2 below:
>> DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>>
>> So far, the spamming stopped...
>
> Your changes are random and do not explain why spammers were/are able to 
> misuse your Sendmail.
This is what I am trying to understand.  I was adding spammers to the access
database, only to discover that the access database was either ignored or
the access database record added was bogus to begin with.
>
> DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
>
> and
>
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> are equal. There is no functional difference. And offering the 
> additional daemon on the submission port and enforcing authentication 
> for that service just adds a function and does not fix anything 
> previously configured.
>
> In fact using submission on port 587 with STARTTLS is the right thing
How can I do this?
>
> instead of the obsoleted SMTPS on port 465.
>
> Alexander
>
Ok, so what DAEMONs do I need? So far you said:

? DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

Obsolete: DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
                 above identical with below
Obsolete: DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
No value: DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

Thanks!
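
An added example, not part of the original thread or of sendmail itself: a small Python check that parses the DAEMON_OPTIONS lines quoted above and lists each listener's port, name and M= modifiers, so it is visible which listeners require AUTH (a) or run implicit TLS (s). It assumes options are comma-separated key=value pairs; the function name and the warning wording are this example's own.

```python
import re

# Modifier letters documented for DAEMON_OPTIONS in sendmail's cf/README
# (only the ones that appear in this thread).
MODIFIERS = {"a": "require AUTH", "E": "disallow ETRN", "s": "implicit TLS (smtps)"}
PORT_NAMES = {"smtp": 25, "smtps": 465, "submission": 587}

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def audit_daemon_options(mc_text):
    """Return one dict per DAEMON_OPTIONS line: port, name, modifiers, warnings."""
    results = []
    for body in DAEMON_RE.findall(mc_text):
        opts, warnings = {}, []
        for item in body.split(","):
            key, _, value = item.strip().partition("=")
            # Assumption: whitespace followed by another key= inside a value
            # means two options were fused because a comma is missing.
            if re.search(r"\s\S+=", value):
                warnings.append(f"missing comma in '{item.strip()}'")
            opts[key] = value
        port = opts.get("Port", "smtp")
        port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
        mods = opts.get("M", "")  # key spelled "M" as in the thread
        if port == 587 and "a" not in mods:
            warnings.append("submission listener does not require AUTH")
        results.append({"port": port, "name": opts.get("Name", ""),
                        "modifiers": [MODIFIERS.get(m, m) for m in mods],
                        "warnings": warnings})
    return results

# Constructed sample: the four DAEMON_OPTIONS lines quoted in the thread.
SAMPLE = """\
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

if __name__ == "__main__":
    for entry in audit_daemon_options(SAMPLE):
        print(entry)
```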