"Jens Hoja" writes:

Smtp has no authentication mechanism, but pop has. after configured pop-before-smtp with sendmail only users with authenticated by pop first are allowed to send email through your mailserver.

Sorry, but SMTP does have an authentication mechanism. RFC2554 (and possibly others) describe this. SuSE sendmail supports this, you may have to use package sendmail-sasl rather than just 'plain' sendmail in some releases. This does, of course, need to configured as to what authentication is required.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 26 April 2003 13:08, Jens Hoja wrote:

smtp.kundenserver.de: Hello,

Is that not 1und1 email server. If I am correct you must use the authority server. see http://sdb.suse.de/de/sdb/html/sendmail_smtp_auth.html or http://www.abgruen.de/linux/auth-smtp.html for SuSE8.0 and above Hopefully this will help you. Ian - -- A child of five would understand this. Send someone to fetch a child of five. Groucho Marx - ---------------------------------------------------- This mail has been scanned for virus by AntiVir for UNIX Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+qv68KiWi8VifhEkRAqZ9AJ0QVeZdNv5i4/VvUBis1Nl4c5Se+QCfVi4D bg1mcwn1JeFL5YWHDi3iTKA= =IuL/ -----END PGP SIGNATURE-----

Hoi ! Hatto von Hatzfeld schrieb:

On Sat, Apr 26, 2003 at 10:56:58AM +0200, Carsten Becher wrote:

...

I?ve a mailserver running at home (for 2 clients - nothing serious), SuSE 7.2.

Is it "visible" from the Internet, or is there a router/firewall between your LAN mailserver and the Internet? In the second case you do not have any problem, if the router does not forward requests from outside.

It is. It is the same box through wich i connect to the internet.

If your mailserver is connected directly to the Internet (which I do not recommend), then you must be very accurate installing all necessary patches to all the services this server offers (and limiting these services as strictly as possible). And you should use the SuSE firewall to block all accesses from outside which are not iniciated from inside.

I have already tried to strip-down the system to the necessary (no X, no compiler, only the required software, selfmade kernel with only the necessary drivers and without suport for loadable modules)

...

I?ve already restrictet access by using the /etc/mail/access to 192.168 . That?s enough or should i do something more?

Hm; normally sendmail in the standard installation does not relay to any other destination. So you must have done something to change that behaviour. What have you done? What exactly was your change in /etc/mail/access?

adding the line : 192.168 RELAY I know from squid that you as last rule set "deny all" for to close off everything you did not explicit allow. Is this possible with sendmail too?

...

Background is, i got me this message by my system :

----- The following addresses had permanent fatal errors ----- (reason: 550 relaying to prohibited by administrator)

----- Transcript of session follows ----- ... while talking to smtp.kundenserver.de:

...

...

...

RCPT To:

<<< 550 relaying to prohibited by administrator 550 5.1.1 ... User unknown

Look?s tight to me, or did i miss something important?

This looks to me like a bounce from the mailserver smtp.kundenserver.de, i.e. that server did not accept a mail coming from you. Did you send that mail? To whom was it sent? What is the domain of your server? Do you use an "smart relay" and which? What are the headers of the bounced mail?

Did not send it, dont know this user. Thats my prob- i am afraid that someone has tried to send mail via my system. This is the complete mail i got from my system : ********************************************************************* The original message was received at Fri, 25 Apr 2003 22:37:09 +0200 from pc-200-74-27-127.apoquindo2.pc.metropolis-inter.com [200.74.27.127] (may be forged) with id h3PKb8102370 ----- The following addresses had permanent fatal errors ----- (reason: 550 relaying to prohibited by administrator) ----- Transcript of session follows ----- ... while talking to smtp.kundenserver.de:

...

...

RCPT To:

<<< 550 relaying to prohibited by administrator 550 5.1.1 ... User unknown Reporting-MTA: dns; darkstar-xi.cmc-hq-2 Arrival-Date: Fri, 25 Apr 2003 22:37:09 +0200 Final-Recipient: RFC822; johan@mi.cl Action: failed Status: 5.1.1 Remote-MTA: DNS; smtp.kundenserver.de Diagnostic-Code: SMTP; 550 relaying to prohibited by administrator Last-Attempt-Date: Fri, 25 Apr 2003 22:43:04 +0200 Return-Path: Received: from relay.freddy.it (pc-200-74-27-127.apoquindo2.pc.metropolis-inter.com [200.74.27.127] (may be forged)) by darkstar-xi.cmc-hq-2 (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id h3PKb8102370 for ; Fri, 25 Apr 2003 22:37:09 +0200 Message-ID: <050049051046049054056046049048057046055057@relay.freddy.it> To: From: freddy@freddy.com Subject: please find file attached Date: Fri, 25 Apr 2003 16:30:47 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 *************************************************************

Your question simply does not contain all the necessary informations.

Well, i am pretty much a newbie when it comes to sendmail .....

*If* you are using smtp.kundenserver.de as smart relay *and* you have the problem that that server does not accept your mails to third parties than http://sdb.suse.de/de/sdb/html/sendmail_smtp_auth.html contains the solution.

I use smtp.kundenserver.de as mailrelay and it accepts my own mails pretty well. smtp-auth i couldn´t get to work because sendmail couldn´t dlopen a lib.

If you leave the mail configuration in its standard form (which does not allow relaying) than your clients still can send their mails using SMTP AUTH via your mail server. This is obviously the safest configuration (if you do not leave an unpatched sendmail-tls or openssl on your mailserver).

Gruß, Hatto

thX & cu Carsten