Make your own free website on Tripod.com
 

Allowing controlled SMTP relaying in Sendmail 8.9

As of sendmail version 8.9, forwarding of SMTP messages is not permitted by default. For example, if you are on site A.COM, you will not accept mail from B.NET destined for C.ORG without special arrangements. These instructions assume that you are using the M4 technique for creating your sendmail.cf files; if you are not, you are on your own.

The simplest approach is to list the domains you are willing to relay in the file /etc/mail/relay-domains. Anything listed in this file will be accepted for relaying. N.B.: Sendmail must be restarted after this file is modified.

For more precise tuning, several FEATUREs have been added to control relaying:

Several other features are probably a bad idea, unless you are inside a firewall, because they make your system vulnerable to abuse by spammers:

The Access Database

The access database (normally in /etc/mail/access) allows a mail administrator to administratively allow access to the mail server by individual domains. Each database entry consists of a domain name or network number as the key and an action as the value.

Keys can be a fully or partly qualified host or domain name such as host.subdomain.domain.com, subdomain.domain.com, or domain.com. The last two forms match any host or subdomain under the specified domain. (If FEATURE(relay_hosts_only) is set, only the first form works.) Keys can also be a network address or subnetwork, e.g., 205.199.2.250, 205.199.2, or 205.199. The latter two forms match any host in the indicated subnetwork. Lastly, keys can be user@host.domain to reject mail from a specific user.

Values can be REJECT to refuse connections from this host, DISCARD to accept the message but silently discard it (the sender will think it has been accepted), OK to allow access (overriding other built-in checks), RELAY to allow access including relaying SMTP through your machine, or an arbitrary message to reject the mail with the customized message.

For example, a database might contain:

cyberpromo.com  REJECT
sendmail.org    RELAY
spam@buyme.com  550 Spammers shan't see sunlight here

to reject all mail from any host in the
cyberpromo.com
domain,
allow any relaying to or from any host in the
sendmail.org
domain,
and reject mail from
spam@buyme.com
with a specific message.