I seem to have another problem.I had not allowed a certain domain to relay through me but I am its secondary MX but before I could sort ot out it appears that my machien forwarded the mail without question. This leaves me puzzled. I would love to have relaying denied by default but it doesn't seem to be I thought this was a default setting. the box was a suse 6.1 that I upgraded to 6.4 kernel 2.2.14.
I seem to have another problem.I had not allowed a certain domain to relay through me but I am its secondary MX but before I could sort ot out it appears that my machien forwarded the mail without question. This leaves me puzzled. I would love to have relaying denied by default but it doesn't seem to be I thought this was a default setting. the box was a suse 6.1 that I upgraded to 6.4 kernel 2.2.14.
Which version is your sendmail package (`rpm -q sendmail')? sendmail should reject relaying attempts with the latest distributions. Make sure you did not use a sendmail.cf file from an older distribution! The file that you need is /etc/mail/access (don't forget to `makemap hash /etc/mail/access < /etc/mail/access.db'!). Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Which version is your sendmail package (`rpm -q sendmail')? sendmail version 8.9.3
sendmail should reject relaying attempts with the latest distributions.
Make sure you did not use a sendmail.cf file from an older distribution! The file that you need is /etc/mail/access (don't forget to `makemap hash /etc/mail/access < /etc/mail/access.db'!). I always rehash my db files after making changes. Besides I have also noticed that it seems to ignore certain files like genericstable.db It reads the virtuser table but access and relay-domains no way yet the lines are there in sendmail.cf lines like # Generics table (mapping outgoing addresses) Kgenerics hash -o /etc/mail/genericstable.db
# Virtual user table (maps incoming users) Kvirtuser hash -o /etc/mail/virtusertable.db # Access list database (for spam stomping) Kaccess hash -o /etc/mail/access.db
sendmail version 8.9.3
That's good.
sendmail should reject relaying attempts with the latest distributions.
Make sure you did not use a sendmail.cf file from an older distribution! The file that you need is /etc/mail/access (don't forget to `makemap hash /etc/mail/access < /etc/mail/access.db'!). I always rehash my db files after making changes. Besides I have also noticed that it seems to ignore certain files like genericstable.db It
I can't verify this behaviour. Did you follow Werner Fink's hints in /etc/mail/genericstable?
reads the virtuser table but access and relay-domains no way yet the lines are there in sendmail.cf lines like
Hmmm. I also can't verify this. Are you aware that some of the features just don't get used if you relay your mail through the server?
# Generics table (mapping outgoing addresses) Kgenerics hash -o /etc/mail/genericstable.db
# Virtual user table (maps incoming users) Kvirtuser hash -o /etc/mail/virtusertable.db
# Access list database (for spam stomping) Kaccess hash -o /etc/mail/access.db
Roman. -- - - | Roman Drahtmüller <draht@suse.de> "Caution: Cape does not | SuSE GmbH - Security enable user to fly." | Nürnberg, Germany (Batman Costume warning label) | - -
I can't verify this behaviour. Did you follow Werner Fink's hints in /etc/mail/genericstable?
you mean about the syntax of the file yes. I was trying to use it to make my mail appear to come from another account but it refused e.g the machine is wawa.eahd.or.ug but I want the mail fromaccount semat to appear to come from ksemat@uol.co.ug so I did semat ksemat@uol.co.ug and did makemap hash -f /etc/mail/genericstable.db < /etc/mail/genericstable and restarted sendmail to no avail.
Hmmm. I also can't verify this.
Are you aware that some of the features just don't get used if you relay your mail through the server?
?? I am using the server itself not relaying through it. However I had made some changes inorder to use the inflex antivirus scanner so I have attached sendmail.cf. Sorry list I couldn't think of another way.
I had a quick look at the .cf file, and I'm pretty sure my last mail is correct. You don't seem to actually have the rulesets to process the genericstable, just the definition. Also, you will probably find that mailertable and the like don't work as well. I suggest you rebuild the cf file from scratch... erm.. regards the inflex scanner, I have never seen it, but you may want to have a look at http://sourceforge.net/projects/mfilter It's a project I'm working on with a couple of others that works quite nicely as a email virus scanner... It currently uses AVP to good effect. At 07:18 PM 8/22/2000 +0300, you wrote:
I can't verify this behaviour. Did you follow Werner Fink's hints in /etc/mail/genericstable?
you mean about the syntax of the file yes. I was trying to use it to make my mail appear to come from another account but it refused e.g the machine is wawa.eahd.or.ug but I want the mail fromaccount semat to appear to come from ksemat@uol.co.ug so I did semat ksemat@uol.co.ug and did makemap hash -f /etc/mail/genericstable.db < /etc/mail/genericstable and restarted sendmail to no avail.
Hmmm. I also can't verify this.
Are you aware that some of the features just don't get used if you relay your mail through the server?
?? I am using the server itself not relaying through it. However I had made some changes inorder to use the inflex antivirus scanner so I have attached sendmail.cf. Sorry list I couldn't think of another way.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
You don't seem to actually have the rulesets to process the genericstable, just the definition. Also, you will probably find that mailertable and the like don't work as well. I suggest you rebuild the cf file from scratch... I have the sendmail book from O'Reilly and I am going to rebuild the sendmail.cf but the weird thing is that even with another box of mine with suse linux 6.4 the generics table doesn't seem to work moreover with that one I generate the sendmail from variables given in /etc/rc.config.d/sendmail.rc.config thus I would expect that genericstable should work.
yeah, sendmail.cf files can be very confusing. there are several sections, and the top bit that you are looking at (Kgenerics hash -o /etc/mail/genericstable.db) is just a definition section. that line does NOT actually USE generics, it just creates a "variable" if you like, called generics with the value of "hash -o /etc/mail/genericstable.db" the actual ruleset that applies is much further down the sendmail.cf file I highly recomend that you don't directly edit .cf files, rather rebuild from an mc macro file. Look at /etc/mail/linux.mc and at the suse manual for help with this.. it explains the whole thing fairly well. If you REALLY must edit the cf file, please buy the "Bat Book" (Sendmail by O'Reilly) and digest with alot of Tomato Sauce :) Seriously, sendmail.cf files are WAY beyond the scope of this mailing list. Try one of the sendmail lists... Cheers Peter Nixon Senior Security Consultant IT Audit & Consulting (ITAC) Pty Ltd http://www.itaudit.com.au mailto:petern@itaudit.com.au At 05:39 PM 8/22/2000 +0300, you wrote:
Which version is your sendmail package (`rpm -q sendmail')? sendmail version 8.9.3
sendmail should reject relaying attempts with the latest distributions.
Make sure you did not use a sendmail.cf file from an older distribution! The file that you need is /etc/mail/access (don't forget to `makemap hash /etc/mail/access < /etc/mail/access.db'!). I always rehash my db files after making changes. Besides I have also noticed that it seems to ignore certain files like genericstable.db It reads the virtuser table but access and relay-domains no way yet the lines are there in sendmail.cf lines like # Generics table (mapping outgoing addresses) Kgenerics hash -o /etc/mail/genericstable.db
# Virtual user table (maps incoming users) Kvirtuser hash -o /etc/mail/virtusertable.db
# Access list database (for spam stomping) Kaccess hash -o /etc/mail/access.db
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (3)
-
Nix
-
Roman Drahtmueller
-
semat@wawa.eahd.or.ug