Hmm... Let me give the ilustration Internet | mail server | | |----------------- | SuSE-Firewall | |-- | |-- | Internal LAN The SuSEFirewall machine have two ethernet primarily use for Firewall and proxy using 7.3. One ethernet card have the same subnet with mail server, and the other have internal address. The mail server I just upgrade it using 9.0 sendmail 8.12.10 it also running SuSEfirewall2. When I send an email from internal LAN (using kmail, outlook express or whatever)using smtp at mail server it shows the message that the address I send to was Reject because Relaying Deny for the to address ( 550 5.7.1 ... Relaying denied). I put the name of our domain in /etc/mail/relay-domains already, also I put the IP and name of domain /etc/mail/access already, Sendmail.cf setup also very basic build by SuSEconfig,with Cw and DM set to my domain. It used to work when I used 7.3 However I can receive all the email from the outside, it looks like the smtp only receive the email to our address, but not to send it to the internet. Any idea? M. Edwin -----Original Message----- From: Holger Grebener [mailto:holger.grebener@tieldat.de] Sent: Wednesday, March 10, 2004 2:21 PM To: suse-security@suse.com Subject: Re: [suse-security] Sendmail on 9.0 Am Mittwoch, 10. März 2004 07:52 schrieb edwin:

I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that

sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN)

but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local.

Anyone facing this problem?

I think you must insert your trusted network into /etc/mail/relay-domains. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ With kind regards _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Yes my firewall is masqueraded. Actually I already put the domain name on /etc/mail/relay-domains but it is not work. And after your email I put also the name of the firewall and its ip address, and voila it works. Thanks for your suggestion Holger. Anyway, in 7.3 I use an antivirus daemon to protect smtp ( I still have client using W$$$$ws). I give the port 25 to the antivirus and move the sendmail to another port. It is possible because smtp was running through inetd. Is it possible to use xinetd for sendmail in 9.0 and move the smtp (sendmail) to another port? Anyone here have experienced? TIA medwin

It works!! :-) Thanks again for the help and quick suggestion Holger Also to Noah. You really make my job easier !! medwin -----Original Message----- From: Holger Grebener [mailto:holger.grebener@tieldat.de] Sent: Thursday, March 11, 2004 4:33 PM To: suse-security@suse.com Subject: Re: [suse-security] Sendmail on 9.0 Am Donnerstag, 11. März 2004 09:55 schrieb edwin:

Anyway, in 7.3 I use an antivirus daemon to protect smtp ( I still have client using W$$$$ws). I give the port 25 to the antivirus and move the sendmail to another port. It is possible because smtp was running through inetd.

Is it possible to use xinetd for sendmail in 9.0 and move the smtp (sendmail) to another port? Anyone here have experienced?

I do not know about xinetd but you could start sendmail by rc-files and leave it running (it is less cost intensive). To change the port, you could change /etc/sendmail.cf by inserting this line: O DaemonPortOptions=Port=<port number wanted> Equally, you can change the item SENDMAIL_ARGS in the /etc/sysconfig editor (YaST) by adding: -ODaemonPortOptions=Port=<prot number wanted> I hope this helps. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ Mit freundlichen Grüßen _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here