Hi Volker, On Wed, 1 Nov 2000, Volker Kuhlmann wrote:
Hello all,
I have a problem with mail relaying. Testing my machine (at home) with the test at http://www.abuse.net/relay.html, I found that it was indeed relaying. That was a surprise, because I thought I had a default configuration and that the default would not allow relaying.
I selected "host with permanent net connection" in yast. In order to get things going, I had to set
FROM_HEADER="elec.canterbury.ac.nz"
in rc.config, which leads to a
DMelec.canterbury.ac.nz
I don't use SuSE's default configuration, so in part I'm guessing here. Anyway DM is for masquerading, i.e. every mail (except for exposed users) to leave your machine is masqued to look like it came from username@elec.canterbury.ac.nz. If this is your machine name, it shouldn't be neccessary though.
line in sendmail.cf. Without this, email to kuhlmav@elec.canterbury.ac.nz leaves my host (as /var/log/mail shows), but never arrives - presumably because the university's mail gateway cantva.canterbury.ac.nz trashes it. I remember having had problems before if the sending host's (mine) FQN doesn't resolve (although it seemed I can put anything I want, as long as it resolves).
I am guessing that elec.canterbury.ac.nz is your machine? The first thing you need to do is make sure that in your sendmail.cw file you put every hostname that should be treated as local, that is delivered to a local user. so your sendmail.cw file should contain localhost elec.canterbury.ac.nz (optionally canterbury.ac.nz if you're mailserver for the entire canterbury domain) That means every e-mail sent FROM elec.canterbury.ac.nz to user@elec.canterbury.ac.nz will be treated as local. However, to enable people to send mail to you from a remote site, you need to do more. Ask you local DNS administrator to add an MX record for your machine (which he will not do as long as your machine relays ;-)). You can test it with nslookup. Do: nslookup
set q=MX (to query for mail exchangers) elec.canterbury.ac.nz
This should give you the mail exchanger record for your machine, which is now probably empty. That means that depending on their configuration, a lot of servers won't be able to send to you (in the absence of an MX record, some try to send directly to the ip-address of the machine instead).
How can I configure things to make email work, but block relaying?
These changes will make sure your mail is sent and delivered correctly. It doesn't help with your relay problem though. Check your /etc/mail/access and /etc/mail/relay-domains to see if they're correctly set-up. And check your sendmail.cf to see if both are used. I should think a default SuSE setup uses both. Check out which relay test you failed, usually there are hints to help you along. Also you might want to check out www.orbs.org, there are some good tips on closing relay holes there.
Thanks for any help,
One request though: PLEASE PLEASE shut down your server while it is relaying. I'm sure a lot of people on this list have experienced the joys of open relays.
Volker
good luck Stefan