Re: I'm an open relay and I can't stop

• Previous message: Les Mikesell: "Re: Semi-OT: VNC Alternatives."
• In reply to: Raymond Norton: "I'm an open relay and I can't stop"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: For users of Fedora Core releases <fedora-list@redhat.com>
Date: Sat, 05 Nov 2005 10:52:02 -0600

On Sat, 2005-11-05 at 09:45, Raymond Norton wrote:
> I am running a server with Fedora core 1, using sendmail-8.12.10-1.1.1. We
> added proxsmtp to one of our firewalls, so it intercepts mail before
> sending it on to the mail server. Unfortunately, the box is acting as a
> relay server now, even though it is set up properly. We are running a
> 192.168.0, class C internally. I have to add the network in
> /etc/mail/access, or users get relaying not allowed messages, but this
> allows the proxsmtp box to act as a relay. Is there to prevent this, but
> still allow local users to send mail through the server?

Can you configure the firewall to port-forward port 25 to your
FC box instead of proxying (i.e. NAT the destination but not
the source address)? That will let sendmail see the real
source address and apply your access list rules. If not,
you may be able to add the firewall address in the access
rules as OK and the network as RELAY (not sure if a
more specific match wins but it should).

Another approach is to require SMTP authentication to relay.
This takes more setup but most current mail clients support
it and it will allow your users to send mail even if they
connect from the internet side as with a roaming laptop
or cell phone that supports internet email.

-- 
   Les Mikesell
     lesmikesell@gmail.com
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

• Previous message: Les Mikesell: "Re: Semi-OT: VNC Alternatives."
• In reply to: Raymond Norton: "I'm an open relay and I can't stop"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]