Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] Sendmail on 9.0
  • From: Holger Grebener <holger.grebener@xxxxxxxxxx>
  • Date: Wed, 10 Mar 2004 10:47:47 +0100
  • Message-id: <200403101047.47829.holger.grebener@xxxxxxxxxx>
Am Mittwoch, 10. März 2004 09:59 schrieb edwin:
> Let me give the ilustration
>
> Internet
>
> | mail server
> |
> |-----------------
>
> SuSE-Firewall
>
> |--
> |
> |--
>
> Internal LAN
>
> The SuSEFirewall machine have two ethernet primarily use for Firewall and
> proxy using 7.3. One ethernet card have the same subnet with mail server,
> and the other have internal address. The mail server I just upgrade it
> using 9.0 sendmail 8.12.10 it also running SuSEfirewall2.
>
> When I send an email from internal LAN (using kmail, outlook express or
> whatever)using smtp at mail server it shows the message that the address I
> send to was Reject because Relaying Deny for the to address ( 550 5.7.1
> <user@xxxxx>... Relaying denied).
>
>
> I put the name of our domain in /etc/mail/relay-domains already, also
> I put the IP and name of domain /etc/mail/access already,
> Sendmail.cf setup also very basic build by SuSEconfig,with Cw and DM set to
> my domain.
> It used to work when I used 7.3
> However I can receive all the email from the outside, it looks like the
> smtp only receive the email to our address, but not to send it to the
> internet.

a. It will send mails into the internet whose destination is in your domain.
To send mails to other destinations you must specifically assign those
workstations that are allowed to (Anti-Spam!).

b. Does your firewall masquerade? If so you should put the IP address of its
external interface into /etc/mail/relay-domains.

c. If your firewall does not masquerade: You put the name of your domain
into /etc/mail/relay-domains. Can your external mail server resolve internal
workstation names? If not it can not see that your workstations are belonging
to this domain. To test this you could insert the IP of one workstation
into /etc/mail/relay-domains and look if this workstation can send now.

d. If internal workstation names are resolvable by your external mail server,
perhaps sendmail does not understand regular expressions in /etc/mail/
relay-domains. I do not know how to change this behaviour. The insertion of
all workstations into /etc/relay-domains can circumvent it (not an elegant
solution).

I hope this helps.

--
_/_/_/_/_/ _/_/
_/ _/ _/
_/ _/ _/ With kind regards
_/ _/ _/ Tielbürger Datentechnik GmbH
_/ _/ _/
_/ _/ _/ Dipl.-Math. Holger Grebener
_/ _/_/_/


< Previous Next >
Follow Ups
References