02.12.2008 at 03:38PM PST, ID: 23158199
Sendmail - Is there a way to block all emails from being relayed, except the ones that are on the virtuser  list?
Tags: linux, sendmail, Sendmail version 8.13.3, config V10/Berkeley
Is there a way to block all emails from being relayed, except the ones that are on the virtuser  list?

My server gets a lot of emails that I do not know where they come from, but they are being forwarded to outside domains and the from address is not from our users.... This is not our SMTP server, it just receives the emails for some domains that we have hosted on this server and forwards them to our mail server and in some cases to outside email accounts (not on our servers)... My question is, can I use my virtuser list to validate the outgoing addresses? If it's not listed there it should not be forwarded anywhere, it must be discarded... Any help would be appreciated...

Spam control is set but it does not seem to work unless I list the TO address and select REJECT, but I can do this to all like today when I looked it had over 1000 emails in queue... If I try to set that server as SMTP from anywhere it does not allow the email to be relayed through it... So I have no idea where those emails are coming from...
Question Stats
Zone: Software
Question Asked By: ITMiami
Solution Provided By: JustUNIX
Participating Experts: 2
Solution Grade: A
Views: 18
02.13.2008 at 01:33AM PST, ID: 20882817
Usually, the default configuration for sendmail is NOT to relay emails.

First of all: Do you use M4 to set up your sendmail config or do you
tweak sendmail.cfg manually? You should use m4.
a) Change into your directory with your config file *.mc
    # cd /usr/lib/sendmail-cf/cf/
    Make a copy from the *.mc file for your OS, using any name you like.
    # cp  <osfile>.mc  <myfile>.mc
b) Check to disable uucp and bitnet relay and include some features:
    undefine(`UUCP_RELAY')dnl
    undefine(`BITNET_RELAY')dnl
    FEATURE(`access_db', hash -T<TMPF> -o /etc/mail/access)dnl
    FEATURE(`virtusertable', hash -o /etc/mail/virtusertable)dnl
c) Create your sendmail.cf
    # make  <myfile>.cf
Accepted Solution
 
02.13.2008 at 01:35AM PST, ID: 20882826
... copy <myfile>.cf to sendmail.cf:
    # cp /etc/mail/sendmail.cf  /etc/mail/sendmail.cf.SAVE
    # cp <myfile>.cf /etc/mail/sendmail.cf
and restart sendmail
    # /etc/rc.d/init.d/sendmail stop ; /etc/rc.d/init.d/sendmail start
 
02.13.2008 at 01:45AM PST, ID: 20882874

Rank: Master

> So I have no idea where those emails are coming from...

First we should find the source of your spam emails and only then do some actions.

1) What is in your /etc/mail/access ?
2) What is in /var/log/maillog for those mails that are coming from nowhere?
In maillog find a 'from' line with an unknown address, then find the message id; it's just before "from", like 'sendmail[32376]: m1CH6oDL032376: from=<xx@xxx.xx>', where the message id is 'm1CH6oDL032376'. Then find all entries in your maillog with the same message id: 'grep m1CH6oDL032376 /var/log/maillog'.

If you have problems with interpreting such log lines, post them here.

Most probably some of your clients are infected, so they allow relaying email through them. It's also possible that one of your clients hosts an open mail relay and uses your server for forwarding mail.
Assisted Solution
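
The queue-ID correlation described in the reply above (find the from= line, take its ID, collect every entry with that ID), as an added example that is not part of the original thread. The log lines are constructed, and the hosted-domain list passed to `relayed_offsite` is an assumption standing in for the domains the server really accepts mail for.

```python
import re

# Constructed sample in sendmail maillog format; hosts and addresses are made up.
SAMPLE_LOG = """\
Feb 14 10:00:01 mx1 sm-mta[1001]: m1EA0001000001: from=<x@sender.example>, size=4061, class=0, nrcpts=1, msgid=<1@pc>, proto=SMTP, daemon=MTA, relay=dsl.example.net [192.0.2.10]
Feb 14 10:00:02 mx1 sm-mta[1002]: m1EA0001000001: to=<user@hosted.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=124061, relay=mail.hosted.example. [198.51.100.12], dsn=2.0.0, stat=Sent (ok Message accepted for delivery)
Feb 14 10:00:03 mx1 sm-mta[900]: m1CB0002000002: to=<victim@offsite.example>, delay=1+06:53:06, xdelay=00:03:09, mailer=esmtp, pri=6241987, relay=offsite.example. [203.0.113.50], dsn=4.0.0, stat=Deferred: Connection timed out with offsite.example.
Feb 14 10:00:04 mx1 sm-mta[1003]: ruleset=check_relay, arg1=cpe.example.org, arg2=203.0.113.9, relay=cpe.example.org [203.0.113.9], reject=550 5.7.1 Access denied
Feb 14 10:00:05 mx1 sm-mta[1004]: m1EA0003000003: from=<forged@hosted.example>, size=3900, class=0, nrcpts=2, msgid=<2@pc>, proto=SMTP, daemon=MTA, relay=cable.example.org [203.0.113.7]
Feb 14 10:00:06 mx1 sm-mta[1005]: m1EA0003000003: to=<a@offsite.example>,<b@offsite.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=153900, relay=mx.offsite.example. [203.0.113.51], dsn=2.0.0, stat=Sent (ok)
Feb 14 10:00:07 mx1 sm-mta[1006]: m1EA0004000004: from=<y@sender.example>, size=3815, class=0, nrcpts=1, msgid=<3@pc>, proto=SMTP, daemon=MTA, relay=gw.example.net [192.0.2.20]
Feb 14 10:00:08 mx1 sm-mta[1007]: m1EA0004000004: to=root, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=34021, dsn=2.0.0, stat=Sent
"""

# "<date> <host> <prog>[pid]: <queue-id>: key=value, key=value, ..."
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[\d+\]: (\w+): (.+)$")
# A value runs until the next ", key=" so "to=<a>,<b>" and "stat=..." stay whole.
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
ADDRESS = re.compile(r"([^\s<>,@]+@([^\s<>,]+))")


def correlate(log_text):
    """Group from=/to= entries by queue ID, as 'grep <qid> maillog*' would."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # e.g. ruleset=check_relay rejects carry no queue ID
        qid, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        rec = msgs.setdefault(qid, {"from": None, "source": None, "deliveries": []})
        if "from" in fields:
            rec["from"] = fields["from"]
            rec["source"] = fields.get("relay")  # host that handed us the message
        elif "to" in fields:
            rec["deliveries"].append(
                (fields["to"], fields.get("mailer"), fields.get("stat", "")))
    return msgs


def _norm(domain):
    return domain.lower().rstrip(".")


def relayed_offsite(log_text, hosted_domains):
    """SMTP delivery attempts to recipients outside the domains this host serves."""
    hosted = {_norm(d) for d in hosted_domains}
    hits = []
    for qid, rec in correlate(log_text).items():
        for rcpts, mailer, stat in rec["deliveries"]:
            if mailer not in ("smtp", "esmtp"):
                continue  # local/procmail deliveries never leave the host
            for addr, domain in ADDRESS.findall(rcpts):
                if _norm(domain) not in hosted:
                    hits.append({
                        "qid": qid,
                        "rcpt": addr,
                        "from": rec["from"],
                        # None: message was accepted before this log starts,
                        # so the from= line is in an older rotated maillog.
                        "source": rec["source"],
                        "stat": stat.split()[0].rstrip(":") if stat else "",
                    })
    return hits


if __name__ == "__main__":
    for h in relayed_offsite(SAMPLE_LOG, ["hosted.example"]):
        src = h["source"] or "unknown (search older maillog* for this queue ID)"
        print(f'{h["qid"]} {h["stat"]:<8} to {h["rcpt"]} from {h["from"]} via {src}')
```
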
 
02.14.2008 at 12:03AM PST, ID: 20891715
Thanks for the replies: I use M4 to configure sendmail

here is the current one:

dnl# This is the default sendmail .mc file for Slackware.  To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mailserver.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_mail_from')dnl
dnl#FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
dnl#FEATURE(`dnsbl',`bl.spamcop.net',`Rejected - see http://spamcop.net/')dnl
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected -see http://www.spamhaus.org/')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl#INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav/clamav-dnl#milter.sock, F=, T=S:4m;R:4m')dnl
dnl#define(`confINPUT_MAIL_FILTERS', `clamav-milter')
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
 
02.14.2008 at 12:24AM PST, ID: 20891783
Here is a section of the log with some of the emails:

Dec 30 15:28:52 ns1 sm-mta[24861]: lBUKSmNH024861: from=<jquutyhoiav@ifh.com>, size=4061, class=0, nrcpts=1, msgid=<507801c84b24$0e1d5b90$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:28:53 ns1 sm-mta[24860]: lBUKSmWH024860: from=<jquutyhoiav@ifh.com>, size=3858, class=0, nrcpts=1, msgid=<507701c84b24$0e1d5b90$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:28:53 ns1 sm-mta[24866]: lBUKSmNH024861: to=<46c7151f.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=124061, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKiwYo019268 Message accepted for delivery)
Dec 30 15:28:53 ns1 sm-mta[24868]: lBUKSmWH024860: to=<46c713fc.8070500@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123858, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKiwRM019270 Message accepted for delivery)
Dec 30 15:28:55 ns1 sm-mta[18996]: lBTDZnij029625: to=<zemily@boneglove.com>, delay=1+06:53:06, xdelay=00:03:09, mailer=esmtp, pri=6241987, relay=boneglove.com. [209.246.220.10], dsn=4.0.0, stat=Deferred: Connection timed out with boneglove.com.
Dec 30 15:29:00 ns1 sm-mta[24869]: lBUKSsV8024869: from=<jquutyhoiav@ifh.com>, size=3803, class=0, nrcpts=1, msgid=<508f01c84b24$12a8d720$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:00 ns1 sm-mta[24870]: lBUKSsll024870: from=<jquutyhoiav@ifh.com>, size=4122, class=0, nrcpts=1, msgid=<509001c84b24$12a8d720$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:00 ns1 sm-mta[24887]: lBUKSsV8024869: to=<0.dedicated@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123803, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6J9019298 Message accepted for delivery)
Dec 30 15:29:00 ns1 sm-mta[24889]: lBUKSsll024870: to=<46c71668.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=124122, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6U6019299 Message accepted for delivery)
Dec 30 15:29:01 ns1 sm-mta[24871]: lBUKSt1I024871: from=<jquutyhoiav@ifh.com>, size=3805, class=0, nrcpts=1, msgid=<509301c84b24$12d628b0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:01 ns1 sm-mta[24891]: lBUKSt1I024871: to=<46c7170a.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123805, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6h8019302 Message accepted for delivery)
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ7FZTD004726: to=<darrow@pinkponk.com>, delay=4+13:13:26, xdelay=00:03:09, mailer=esmtp, pri=22082644, relay=pinkponk.com. [213.229.249.143], dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ8O0YO007965: to=<simply@infoback.com>, delay=4+12:05:01, xdelay=00:00:00, mailer=esmtp, pri=22173522, relay=no.com., dsn=4.0.0, stat=Deferred: Connection refused by no.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ6JCjx002259: to=<benjamin@pinkponk.com>, delay=4+14:09:49, xdelay=00:00:00, mailer=esmtp, pri=22533160, relay=pinkponk.com., dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ5lFsu000951: to=<changho2ephraim0@olgafilippova.com>, delay=4+14:41:46, xdelay=00:00:00, mailer=esmtp, pri=22621844, relay=mail.olgafilippova.com., dsn=4.0.0, stat=Deferred: Connection timed out with mail.olgafilippova.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ5NoCM032581: to=<huey@pinkponk.com>, delay=4+15:05:11, xdelay=00:00:00, mailer=esmtp, pri=22803015, relay=pinkponk.com., dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:04 ns1 sm-mta[24885]: lBUKSx3I024885: from=<jr131@bellsouth.net>, size=3815, class=0, nrcpts=1, msgid=<066a01c84b24$170ec950$7eb5c3d5@Rosalyn>, proto=SMTP, daemon=MTA, relay=gate.npnet.org [213.195.181.126]
Dec 30 15:29:04 ns1 sm-mta[24896]: lBUKSx3I024885: to=root, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=34021, dsn=2.0.0, stat=Sent
Dec 30 15:29:06 ns1 sm-mta[24893]: lBUKT2Ag024893: from=<jquutyhoiav@ifh.com>, size=3936, class=0, nrcpts=1, msgid=<509f01c84b24$1645d400$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24894]: lBUKT2xZ024894: from=<jquutyhoiav@ifh.com>, size=3989, class=0, nrcpts=1, msgid=<50a001c84b24$16484500$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24895]: lBUKT2GI024895: from=<jquutyhoiav@ifh.com>, size=3939, class=0, nrcpts=1, msgid=<50a201c84b24$1670dba0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24899]: lBUKT2Ag024893: to=<admin@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123936, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCnB019313 Message accepted for delivery)
Dec 30 15:29:07 ns1 sm-mta[24901]: lBUKT2xZ024894: to=<aer@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123989, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCsv019315 Message accepted for delivery)
Dec 30 15:29:07 ns1 sm-mta[24903]: lBUKT2GI024895: to=<agm@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123939, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCXb019317 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24905]: lBUKT7HS024905: from=<jquutyhoiav@ifh.com>, size=3881, class=0, nrcpts=1, msgid=<50b101c84b24$19cfe520$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:12 ns1 sm-mta[24904]: lBUKT7Iu024904: from=<jquutyhoiav@ifh.com>, size=3922, class=0, nrcpts=1, msgid=<50b001c84b24$19cfe520$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:12 ns1 sm-mta[24908]: lBUKT7HS024905: to=<bo_crisostomo@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123881, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjHfw019331 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24910]: lBUKT7Iu024904: to=<anta@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123922, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjIdF019332 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24906]: lBUKT82E024906: from=<jquutyhoiav@ifh.com>, size=3678, class=0, nrcpts=1, msgid=<50b401c84b24$19ec6dd0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:13 ns1 sm-mta[24912]: lBUKT82E024906: to=<dedicated@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123678, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjISv019335 Message accepted for delivery)
Dec 30 15:29:16 ns1 sm-mta[24920]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24921]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24922]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24923]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24924]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24925]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:17 ns1 sm-mta[24914]: lBUKTDnt024914: from=<jquutyhoiav@ifh.com>, size=3814, class=0, nrcpts=1, msgid=<50be01c84b24$1cb7c2d0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:17 ns1 sm-mta[24913]: lBUKTDcw024913: from=<jquutyhoiav@ifh.com>, size=3934, class=0, nrcpts=1, msgid=<50bd01c84b24$1cb551d0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:17 ns1 sm-mta[24930]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75



Thanks once again JUSTUNIX & NOPIUS
 
02.14.2008 at 12:35AM PST, ID: 20891819
Here is my access file:

ttnet.net.tr      REJECT
85.104.44.112      REJECT
pldt.net            REJECT
asianet.co.th      REJECT
rzeszow.mm.pl      REJECT
tj.cn            REJECT
t-ipconnect.de      REJECT
belchatow.msk.pl      REJECT
telkom.net.id      REJECT
internetdsl.tpnet.pl      REJECT
mtu-net.ru      REJECT
primorye.ru      REJECT
airtelbroadband.in      REJECT
bol.net.in            REJECT
From:skings.net.co      OK
From:etbing.net.co      OK
rr.com            REJECT
happenhealth.com      REJECT
vtr.net            REJECT
mts-nn.ru            REJECT
virtua.com.br      REJECT


I don't know... This server is not used as SMTP by any client, it just acts as an MX for some domains and forwards all mail to another server on the network; there are no users here other than FTP accounts... I wish I could somehow use the virtusertable rules to validate emails coming in to the server, and if it's not listed there just discard the emails

Thanks anyway
 
02.14.2008 at 04:16AM PST, ID: 20892652
a) The feature `relay_mail_from' uses entries in your access map in the form
      From: xyz     RELAY
   See http://www.sendmail.org/m4/anti_spam.html#relay
b) You should not use
      LOCAL_DOMAIN(`localhost.localdomain')
    as you already have activated
      FEATURE(`use_cw_file')

    Remove the line or change it to read
      dnl LOCAL_DOMAIN(`localhost.localdomain')
    and check your /etc/mail/local-host-names file to include the domain names
    you relay email for.
    See http://www.sendmail.org/m4/features.html#use_cw_file
 
02.14.2008 at 04:43AM PST, ID: 20892762

Rank: Master

Hi, ITMiami.

I found you are using the VERY dangerous FEATURE(`relay_mail_from')dnl

http://www.sendmail.org/~ca/email/roaming.html

"This should only be used if absolutely necessary as sender address can be easily forged."

With this feature your mail host _is_ an open relay. That's an open door for spammers.

Your logs above are not enough to find who is sending those mails to domains that are not yours.
Please grep the entire log and find all lines with these job ids:

grep lBTDZnij029625 maillog*
grep lBQ7FZTD004726 maillog*

Due to the long delay I can't point out what the source of such messages is.

BTW I found my ISP's mail domain in your REJECT list.

 
02.14.2008 at 04:57AM PST, ID: 20892826
I think you should start
- disable LOCAL_DOMAIN (as stated above)
- make a backup copy of your /etc/mail/access file
- remove all entries from /etc/mail/access except the two "From:" entries
  (if you really want to use the "relay_mail_from" feature)
- enter all host names (domain names) you relay for into /etc/mail/local-host-names
and proceed from there.
 
02.14.2008 at 05:43AM PST, ID: 20893101
Thanks again guys,

JustUNIX,  what should I enter on /etc/mail/local-host-names:

1 -  the domains that are hosted on this server
or
2 - the domains that this server connects to deliver the emails ex: bellsouth.net, ao.com etc

thanks
 
02.14.2008 at 05:47AM PST, ID: 20893126
The domains you relay for

Meaning: All the domains that must be either in the "from:" or "to:" fields of an email
 
 