[OT] Sendmail: Open relay was tested as closed but...

Dan Thurman dant at cdkkt.com
Mon Apr 21 18:02:42 UTC 2014


On 04/21/2014 10:11 AM, Dan Thurman wrote:
> On 04/21/2014 07:10 AM, Alexander Dalloz wrote:
>> On 21.04.2014 at 09:12, Dan Thurman wrote:
>>> On 04/20/2014 02:00 PM, Dan Thurman wrote:
>>
>>>> I have F8 and F18. F8 is not affected by HB and F18 is HB
>>>> fixed (recompiled) and certificates regenerated. Both Fedora
>>>> versions have the same "open-relay" issues and both have
>>>> similar or nearly identical sendmail.mc configurations.
>>
>> You are seriously running 2 obsolete Fedora releases as MTAs exposed 
>> to the public net? Set up security-patched platforms for public hosts.
> ok.
>>
>>>> Here is my sendmail.mc file and
>>>> let me know if there is a problem?:
>>>>
>>>> <snip!>
>>>>
>>>> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>>> Drop 1 below:
>>>> DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
>>> Add 2 below:
>>> DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
>>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>>>
>>> So far, the spamming stopped...
>>
>> Your changes are random and do not explain why spammers were/are able 
>> to misuse your Sendmail.
> This is what I am trying to understand.  I was adding spammers to the
> access database, only to discover that the access database was either
> ignored or the access database record added was bogus to begin with.
>>
>> DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
>>
>> and
>>
>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>>
>> are equal. There is no functional difference. And offering the 
>> additional daemon on the submission port and enforcing authentication 
>> for that service just adds a function and does not fix anything 
>> previously configured.
>>
>> In fact using submission on port 587 with STARTTLS is the right thing
> How can I do this?
>>
>> instead of the obsoleted SMTPS on port 465.
>>
>> Alexander
>>
> Ok, so what DAEMONs do I need? So far you said:
>
> ? DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>
> Obsolete: DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
>                 above identical with below
> Obsolete: DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> No value: DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
>
> Thanks!

I found an old posting you made here:
http://compgroups.net/comp.mail.sendmail/problem-using-port-587/1312021

Knute Johnson wrote:
[...]
:: I want to be able to have the outside world connect to my sendmail on
:: port 25 and port 587.  Is that possible?  What do I need to change?

Alexander Dalloz replied:
: Do you have more than the 1 IP (208.1.40.42)? If not it is sufficient to
: configure in sendmail.mc:
:
: DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
: DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
[...]

So, I tried only the two DAEMONs and 'telnet localhost 587' worked!
So far, I see no spamming as of yet...
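
An added example, not part of the original message and not Sendmail's own code: a small Python lint over the DAEMON_OPTIONS lines quoted in this thread. The function names and finding labels are hypothetical; it flags a port-465 smtps listener, a submission listener whose M= lacks `a` (require authentication), and an option value with an embedded `key=`, which usually means a missing comma as in `Name=MTA-SSL M=s`.

```python
import re

# Constructed sample: the DAEMON_OPTIONS lines quoted in the thread, plus one dnl-commented line.
SAMPLE_MC = """\
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=OLD')dnl
"""

DAEMON_RE = re.compile(r"^\s*DAEMON_OPTIONS\(`([^']*)'\)")
PORT_ALIASES = {"smtp": "25", "smtps": "465", "submission": "587"}


def parse_daemon_options(mc_text):
    """Return one {key: value} dict per active DAEMON_OPTIONS line."""
    daemons = []
    for line in mc_text.splitlines():
        m = DAEMON_RE.match(line)
        if not m:
            continue  # dnl-commented lines and other macros are skipped
        opts = {}
        for field in m.group(1).split(","):  # options are comma-separated
            key, sep, value = field.strip().partition("=")
            if sep:
                opts[key.strip()] = value.strip()
        daemons.append(opts)
    return daemons


def lint_daemons(daemons):
    """Return (listener name, finding label) pairs; labels are hypothetical."""
    findings = []
    for d in daemons:
        name = d.get("Name", "?")
        port = d.get("Port", "smtp")  # Port defaults to smtp when omitted
        port = PORT_ALIASES.get(port, port)
        if any(re.search(r"\s\w+=", v) for v in d.values()):
            findings.append((name, "missing-comma"))  # e.g. Name=MTA-SSL M=s
        if port == "465":
            findings.append((name, "smtps-465"))  # called obsolete in the thread
        if port == "587" and "a" not in d.get("M", ""):
            findings.append((name, "msa-no-auth"))  # M= lacks 'a' (require AUTH)
    return findings


if __name__ == "__main__":
    for name, label in lint_daemons(parse_daemon_options(SAMPLE_MC)):
        print(f"{name}: {label}")
```

Run against the two-daemon configuration that the message ends with (`Port=smtp` plus `Port=submission ... M=Ea`), the lint reports nothing.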


