Hi all, I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN) but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local. Anyone facing this problem? TIA edwin
edwin wrote:
Hi all,
I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that
sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN)
but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local.
Anyone facing this problem?
TIA edwin
whats with the /etc/sendmail.cf ? this is the configuration file for sendmail. (or /etc/mail/sendmail.mc) -- mfg Michael Klein MK-EDV Dienstleistungen ------------------------------- edv.mknet.at Homepage lug.krems.cc Linux User Groupe -------------------------------
Am Mittwoch, 10. März 2004 07:52 schrieb edwin:
I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that
sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN)
but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local.
Anyone facing this problem?
I think you must insert your trusted network into /etc/mail/relay-domains. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ With kind regards _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/
Hmm...
Let me give the ilustration
Internet
| mail server
| |
|-----------------
|
SuSE-Firewall
|
|--
|
|--
|
Internal LAN
The SuSEFirewall machine have two ethernet primarily use for Firewall and
proxy using 7.3. One ethernet card have the same subnet with mail server,
and the other have internal address. The mail server I just upgrade it using
9.0 sendmail 8.12.10 it also running SuSEfirewall2.
When I send an email from internal LAN (using kmail, outlook express or
whatever)using smtp at mail server it shows the message that the address I
send to was Reject because Relaying Deny for the to address ( 550 5.7.1
I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that
sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN)
but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local.
Anyone facing this problem?
I think you must insert your trusted network into /etc/mail/relay-domains. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ With kind regards _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Am Mittwoch, 10. März 2004 09:59 schrieb edwin:
Let me give the ilustration
Internet
| mail server | |-----------------
SuSE-Firewall
|-- | |--
Internal LAN
The SuSEFirewall machine have two ethernet primarily use for Firewall and proxy using 7.3. One ethernet card have the same subnet with mail server, and the other have internal address. The mail server I just upgrade it using 9.0 sendmail 8.12.10 it also running SuSEfirewall2.
When I send an email from internal LAN (using kmail, outlook express or whatever)using smtp at mail server it shows the message that the address I send to was Reject because Relaying Deny for the to address ( 550 5.7.1
... Relaying denied). I put the name of our domain in /etc/mail/relay-domains already, also I put the IP and name of domain /etc/mail/access already, Sendmail.cf setup also very basic build by SuSEconfig,with Cw and DM set to my domain. It used to work when I used 7.3 However I can receive all the email from the outside, it looks like the smtp only receive the email to our address, but not to send it to the internet.
a. It will send mails into the internet whose destination is in your domain. To send mails to other destinations you must specifically assign those workstations that are allowed to (Anti-Spam!). b. Does your firewall masquerade? If so you should put the IP address of its external interface into /etc/mail/relay-domains. c. If your firewall does not masquerade: You put the name of your domain into /etc/mail/relay-domains. Can your external mail server resolve internal workstation names? If not it can not see that your workstations are belonging to this domain. To test this you could insert the IP of one workstation into /etc/mail/relay-domains and look if this workstation can send now. d. If internal workstation names are resolvable by your external mail server, perhaps sendmail does not understand regular expressions in /etc/mail/ relay-domains. I do not know how to change this behaviour. The insertion of all workstations into /etc/relay-domains can circumvent it (not an elegant solution). I hope this helps. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ With kind regards _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/
Yes my firewall is masqueraded. Actually I already put the domain name on /etc/mail/relay-domains but it is not work. And after your email I put also the name of the firewall and its ip address, and voila it works. Thanks for your suggestion Holger. Anyway, in 7.3 I use an antivirus daemon to protect smtp ( I still have client using W$$$$ws). I give the port 25 to the antivirus and move the sendmail to another port. It is possible because smtp was running through inetd. Is it possible to use xinetd for sendmail in 9.0 and move the smtp (sendmail) to another port? Anyone here have experienced? TIA medwin
Am Donnerstag, 11. März 2004 09:55 schrieb edwin:
Anyway, in 7.3 I use an antivirus daemon to protect smtp ( I still have client using W$$$$ws). I give the port 25 to the antivirus and move the sendmail to another port. It is possible because smtp was running through inetd.
Is it possible to use xinetd for sendmail in 9.0 and move the smtp (sendmail) to another port? Anyone here have experienced?
I do not know about xinetd but you could start sendmail by rc-files and leave it running (it is less cost intensive). To change the port, you could change /etc/sendmail.cf by inserting this line: O DaemonPortOptions=Port=<port number wanted> Equally, you can change the item SENDMAIL_ARGS in the /etc/sysconfig editor (YaST) by adding: -ODaemonPortOptions=Port=<prot number wanted> I hope this helps. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ Mit freundlichen Grüßen _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/
It works!! :-) Thanks again for the help and quick suggestion Holger Also to Noah. You really make my job easier !! medwin -----Original Message----- From: Holger Grebener [mailto:holger.grebener@tieldat.de] Sent: Thursday, March 11, 2004 4:33 PM To: suse-security@suse.com Subject: Re: [suse-security] Sendmail on 9.0 Am Donnerstag, 11. März 2004 09:55 schrieb edwin:
Anyway, in 7.3 I use an antivirus daemon to protect smtp ( I still have client using W$$$$ws). I give the port 25 to the antivirus and move the sendmail to another port. It is possible because smtp was running through inetd.
Is it possible to use xinetd for sendmail in 9.0 and move the smtp (sendmail) to another port? Anyone here have experienced?
I do not know about xinetd but you could start sendmail by rc-files and leave it running (it is less cost intensive). To change the port, you could change /etc/sendmail.cf by inserting this line: O DaemonPortOptions=Port=<port number wanted> Equally, you can change the item SENDMAIL_ARGS in the /etc/sysconfig editor (YaST) by adding: -ODaemonPortOptions=Port=<prot number wanted> I hope this helps. -- _/_/_/_/_/ _/_/ _/ _/ _/ _/ _/ _/ Mit freundlichen Grüßen _/ _/ _/ Tielbürger Datentechnik GmbH _/ _/ _/ _/ _/ _/ Dipl.-Math. Holger Grebener _/ _/_/_/ -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
At 04:19 10.03.2004, you wrote:
Hi all,
I just installed Sendmail-8.12.10-7 on SuSE 9.0. I set SuSEfirewall2 to listen to SMTP. I also already set SMTPD_LISTEN_REMOTE ="yes" in /etc/syscinfig/mail. When I do 'lsof | grep LISTEN' it shows that
sendmail 2721 r oot 4u IPv4 4929 TCP *:smtp (LISTEN)
but when I send an email from trusted network to someone in internet it replys that RELAYING DENIED for the to address. I just only send the email from local.
Anyone facing this problem?
edwin you have to edit /etc/mail/access with a corresponding RELAY rule.
TIA edwin
rgds, sandro
participants (4)
-
edwin
-
Holger Grebener
-
Michael Klein
-
Sandro Trinkler