RoMaN SoFt / LLFB!! wrote:
Hi.
I'm running SuSE 6.4 and need to run sendmail (host permanently connected to Internet). By default, SM 8.9.3 comes with relay denied for all. I want to set an acceptable secure sendmail. The scenario is as follows:
\snip
The problem is that my users can connect to the smtp machine from *ANY* ip. So the rely-filters only could trust in the "From:" line in header's mail. I know this isn't too much secure, since spammers could send mail spoofing the From: field (which is trivial). But it's more secure than a sendmail running with "promiscuos relay" feature turned on. \snip
What I want is that user@cccc.com can send (not be sent to) to any other recipient (at whatever domain) using my mta.
I had the same situation, in my sendmail.cf I added the following lines at the end of SBasic_check_rcpt: # check IP address R$* $: $&{client_addr} R$@ $@ OK originated locally R0 $@ OK originated locally R$=R $* $@ OK relayable IP address R$* $: $>LookUpAddress <$1> <?> <$1> R<RELAY> $* $@ RELAY relayable IP address R<$*> <$*> $: $2 R$* $: [ $1 ] put brackets around it... R$=w $@ OK ... and see if it is local ##ADDED by MH F{roamingdomains}/etc/mail/roaming-domains # now get and canonify the FROM address R$* $: $(dequote "" $&f $) R$+@$={roamingdomains} $@ RELAY ##/ADDED by MH # anything else is bogus R$* $#error $@ 5.7.1 $: "550 Relaying denied" /etc/mail/roaming-domains contains the list of sender-domains that are allowed. It works well, and I think it's reasonable secure. HTH Martin