AW: [suse-security] Why does sendmail deny relaying?]
Garry Smith wrote:
Hi,
uname -a : Linux homer 2.2.16-SMP #1 SMP Wed Aug 2 20:01:21 GMT 2000 i686 unknown sendmail version: starting daemon (8.10.2): SMTP+queueing@00:30:00 (from mail log)
I also have a problem with relaying in sendmail. I would like machines from domain a, b and c to be able to use my mail server (SuSE Linux 7.0 Pro) to send mails to any other domain.
Initially I inserted domains a, b,and c into /etc/mail/relay-domains. This allowed me to pass on mails from remote clients to one of the listed domains.
Sending a mail to a domain not listed causes the following error to appear in the sender's mail client:
An error occurred while sending mail The mail server responded: 5.7.1 <Garry.Smith@computer.org>... Relaying denied. IP name lookup failed [x.x.x.x] Please check the message recipients and try again.
My log mail log file shows: Jan 17 12:40:08 homer sendmail[18328]: starting daemon (8.10.2): SMTP+queueing@0 0:30:00 Jan 17 12:40:08 homer sendmail[18328]: daemon could not open control socket /var /run/sendmail.control: Group writable directory Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347: ruleset=check_rcpt, arg1=<G arry.Smith@computer.org>, relay=[x.x.x.x], reject=550 5.7.1 <Garry.Smith@ computer.org>... Relaying denied. IP name lookup failed [x.x.x.x] Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347: from=<Garry.Smith@computer. org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[x.x.x.x]
I have since removed the entries for /etc/mail/relay-domains. I have also commented out the sendmail.cf authentification warning entry as described in one on the recent related mails on this. # privacy flags
O PrivacyOptions=needmailhelo,novrfy,noexpn,noetrn,noverb
and restarted sendmail
I followed the instructions below and added domains A,B and C to access.db ie: a-sub-domain.a-domain ACCEPT
I then ran the Makefile and restarted sendmail. I still get the relay error listed above. The only way I can seem to get round this is if I add domains A,B and C back into /etc/mail/relay-domains file.
However, while I can then use my mail server to relay mail to those domains, I cannot relay to other un-listed domains.
How can I specify that domains A,B and C are allowed to use my mail server to relay messages to any other domain on the Internet? I must be missing something fundamental here, but can't think what?
Many thanks in advance regards
Garry
Roman Drahtmueller wrote:
If you put in access.db 212.121.144.197 ACCEPT
it will work.
Yes, and don't forget to hash the plaintextfile. Use the Makefile that I've put in the attachment. Place it in /etc/mail, go there and type make. Little gift from the 7.1 sendmail package...
Philipp
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
------------------------------------------------------------------------ Name: Makefile Makefile Type: Plain Text (TEXT/PLAIN) Encoding: BASE64 Description: Makefile for /etc/mail
------------------------------------------------------------------------ --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
Garry Smith