Way back on Mon, Apr 15, 2002 at 11:08:28AM -0700, Ben Rosenberg wrote:
> As far as relaying is concerned you should most likely specify in /etc/mail/access who can relay and deny all others. I don't believe this is configured by default in SuSE.
I've read many, many places that as of v8.9.3, sendmail does not relay by default. To my surprise, I was informed by a relay testing server that I was running an open relay, and, sure enough, my sendmail DOES relay. I had a line "127 RELAY" in /etc/mail/access, so I removed that line, leaving access empty, but upon retesting, I'm still relaying. It's not a huge exposure, dynamic IP, brief connections, but it's not right, and I intend to fix it.

I receive my mail via fetchmail, which hands off to sendmail on port 25, and I send to my smarthost, via delayed queueing, and flush the queue when fetchmail is connected anyway. So, with these simple needs, I should be able to restrict sendmail to relaying only to or from localhost. I thought that's what the oft-mentioned "by default no relay" remarks meant.

If someone knows offhand, maybe they can reduce my research: Has SuSE done something to enable relaying by default? Do I need some stuff in my access database to restrict relaying, even if I really don't want to relay anything from outside to outside? If so, what's the access line for "deny all except to/from localhost"? The docs and faqs I'm reading all go into elaborate detail on the subject of allowing controlled relaying, whereas I'm more interested in NO relaying.
> I've also bitched for years that they should stop having it start with the -bd switch. Taking the -bd switch out of the options for when sendmail starts will make it so it doesn't accept connections..it just sends mail out. If you have a webserver or something else that isn't a mailserver at all..then you don't need to accept mail, just send. :)
I tried turning off the sendmail daemon, per the above reasoning. But then fetchmail began failing, and per the fetchmail FAQ, I needed to have an SMTP listener for fetchmail to pass the mail to. When I was first setting up fetchmail, I tried using procmail as the mda, but for reasons now long forgotten, I went back to sendmail. I think there were problems parsing mailing lists, and my wife's mail stream, that made sendmail receive mail better. And in any case, I'd like to take charge of this important part of my system.

FWIW, I'm still running SuSE 6.3, sendmail 8.9.3, and my settings are as follows:

/etc/mail/{access,mailertable,userdb,virtusertable} are all empty

/etc/mail/service-nodns.switch contains:

    hosts files
    aliases files

/etc/{rc.config,rc.config.d/sendmail.rc.config} settings:

    DHCPD_INTERFACE=""
    DHCRELAY_SERVERS="127.0.0.1 127.0.0.2"
    FQHOSTNAME="not.a.registered.domain"
    FROM_HEADER="eskimo.com"
    FW_START="no"
    SENDMAIL_ARGS="-bd -om"
    SENDMAIL_DIALUP="yes"
    SENDMAIL_EXPENSIVE="yes"
    SENDMAIL_GENERICS_DOMAIN=""
    SENDMAIL_LOCALHOST="localhost"
    SENDMAIL_NOCANONIFY="yes"
    SENDMAIL_NODNS="yes"
    SENDMAIL_RELAY=""
    SENDMAIL_SMARTHOST="smtp:mail.eskimo.com"
    SENDMAIL_TYPE="yes"
    SMTP="yes"
    USEPEERDNS=yes

and the resulting .mc file, before m4 renders it into sendmail.cf is:

    divert(-1)
    include(`/usr/share/sendmail/m4/cf.m4')
    divert(0)dnl
    VERSIONID(`@(#)Setup for SuSE Linux 8.9.3-0.1 (SuSE Linux) 26/10/1999')
    OSTYPE(`suse-linux')dnl
    define(`SMART_HOST', `smtp:mail.eskimo.com')dnl
    FEATURE(`expensive')dnl
    FEATURE(`nocanonify')dnl
    HACK(`nodns')dnl
    FEATURE(`dialup', `not.a.registered.domain')dnl
    MASQUERADE_AS(`eskimo.com')dnl
    FEATURE(`masquerade_envelope')dnl
    MAILER(`local')dnl
    MAILER(`procmail')dnl
    MAILER(`smtp')dnl
    MAILER(`uucp')dnl
    MAILER(`bsmtp')dnl
    MAILER(`fido')dnl
    LOCAL_CONFIG
    Cw localhost

Anyone see an "ENABLE RELAYING" statement in that config?

TIA,
Jim
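A mechanical way to check a .mc source for an "enable relaying" statement, as an added example that is not part of the original message: it scans for the FEATURE() and RELAY_DOMAIN statements that sendmail's cf/README documents as widening relaying, and reports whether FEATURE(`access_db') is present, since /etc/mail/access is only consulted when that feature is enabled. The feature list is an assumption taken from the stock sendmail distribution, vendor macros such as HACK(`nodns') and FEATURE(`dialup') are not interpreted, and the second sample is constructed.

```python
import re

# FEATURE() names documented in sendmail's cf/README that loosen relay checks.
RELAY_FEATURES = {"promiscuous_relay", "relay_entire_domain",
                  "relay_based_on_MX", "relay_local_from", "loose_relay_check"}
# Macros that add domains to the class allowed to relay.
RELAY_MACROS = {"RELAY_DOMAIN", "RELAY_DOMAIN_FILE"}
CALL = re.compile(r"\b([A-Za-z_]+)\(`([^']*)'")  # NAME(`first argument' ...

def audit_mc(mc_text):
    """Return (relay-widening statements, whether access_db is enabled)."""
    findings, access_db = [], False
    for line in mc_text.splitlines():
        active = re.split(r"\bdnl\b", line, maxsplit=1)[0]  # m4 drops text after dnl
        for name, arg in CALL.findall(active):
            if name == "FEATURE" and arg in RELAY_FEATURES:
                findings.append("FEATURE(" + arg + ")")
            elif name in RELAY_MACROS:
                findings.append(name + "(" + arg + ")")
            elif name == "FEATURE" and arg == "access_db":
                access_db = True
    return findings, access_db

def audit_access(access_text):
    """Return the keys that an access-map source file grants RELAY."""
    keys = []
    for line in access_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].upper() == "RELAY":
            keys.append(fields[0])
    return keys

# FEATURE/HACK/define lines of the .mc quoted in the message (other lines omitted).
POSTED_MC = """\
define(`SMART_HOST', `smtp:mail.eskimo.com')dnl
FEATURE(`expensive')dnl
FEATURE(`nocanonify')dnl
HACK(`nodns')dnl
FEATURE(`dialup', `not.a.registered.domain')dnl
"""
# Constructed contrast case, not from the message; first line is commented out.
CONSTRUCTED_MC = """\
dnl FEATURE(`relay_local_from')dnl
FEATURE(`access_db')dnl
FEATURE(`promiscuous_relay')dnl
RELAY_DOMAIN(`example.org')dnl
"""

if __name__ == "__main__":
    print(audit_mc(POSTED_MC), audit_mc(CONSTRUCTED_MC), audit_access("127 RELAY"))
```

An empty findings list only shows that no stock relay-widening statement appears in the .mc source; it says nothing about vendor macros or a hand-edited sendmail.cf.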