Fedora Core 5 Configuration as SMTP Relay

Posted on 2006-06-11
Last Modified: 2008-01-16
I'm trying to configure a few Fedora Core 5 computers to act as SMTP relay servers. However, I've never used Linux for that before, so I'm not sure where to start. My question is: what is the best (free) program to use as an SMTP relay, and how do I configure it to relay mail for only a few computers within a known IP range? Also, what is the easiest way to configure it to only allow SSH from a given IP and to block out all traffic not associated with SMTP (ie - SMTP and DNS)?

Thanks in advance!!!
Question by:phoenix706
7 Comments
 
LVL 26

Expert Comment

by:jar3817
ID: 16882738
Ask 5 people here what the best email server software is and you'll get 5 different answers. For a relay on fedora I would suggest Sendmail. It probably is already installed with fedora if you chose to include "mail server" in setup.

To set sendmail to relay for specific ip or set of ips you'll need to edit the /etc/mail/access file. CD into /etc/mail and add lines like this to the access file:

123.45.67.8    relay
123.45.67.9    relay
etc...

then just run "make" in that folder to recreate the database from the file and restart sendmail (/etc/rc.d/init.d/sendmail restart).

To block access to certain ports you'll need to use the iptables firewall. You can edit the rules directly or by editing /etc/sysconfig/iptables and restarting iptables when finished (/etc/rc.d/init.d/iptables restart). You'll want tcp/25 open to the world (if receiving mail) or just your network for sending. For dns you'll need udp/53 open.
0
 
LVL 26

Accepted Solution

by:
jar3817 earned 2000 total points
ID: 16882760
forgot the iptables rules....

to allow incoming mail add something like this to your /etc/sysconfig/iptables file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

To allow from specific ips:
-A INPUT -s 10.1.1.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
* where 10.1.1.0/24 is your subnet you want to accept mail from

as for dns:
-A INPUT -p udp -m udp --dport 53 -j ACCEPT

for ssh from your computer:
-A INPUT -s 10.1.1.1/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
* assuming your computer's address is 10.1.1.1

Then just restart iptables and you should be in business.
0
 

Author Comment

by:phoenix706
ID: 16883120
Awesome :-)

I'll try these out tomorrow and let you know how things go.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 16885055
thinking more about it.... you may need to change sendmail's config.

open up /etc/mail/sendmail.mc and look for a line like this:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

If you see it, comment it out by putting a dnl in front. This command causes sendmail only to listen on the localhost interface which won't let other hosts connect to it. Once you make that change back up your original sendmail.cf (cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig) and recreate it based on the mc file (m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf). Then restart sendmail and it should work.
0
 

Author Comment

by:phoenix706
ID: 16891429
I have the SMTP running perfectly now, but I'm having some trouble with the iptables file. I added the lines from above, but I can still connect from a computer via SSH other than the ones specified in the iptables file. Below are the current contents of iptables. I'm pretty sure I just need to remove or modify a few of the lines, but I'm not sure which ones to change. Thanks for the help!!!

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.35.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.35.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/27 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
0
 
LVL 26

Expert Comment

by:jar3817
ID: 16893666
"-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT"

Second from the bottom...this was probably in the file by default and lets anyone connect via ssh. Remove that line to stop "everyone" from being able to ssh in.

I also see this line (twice):
"-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT"
This allows everyone to connect to your smtp server. This is fine if this computer accepts mail for a domain of yours, but if this is only an outgoing relay you'll want to get rid of those lines too.
0
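The first-match behaviour behind the answer above, as an added example that is not part of the original thread: a small Python model that walks the port 22 and port 25 rules from the posted file in order, shows which rule admits an outside host over SSH, and re-checks after the unrestricted rule is removed. It models only -s, -p, --dport and -j; the function names and the outside address 203.0.113.5 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: only the NEW-connection rules for tcp/22 and tcp/25 from the
# posted file, in their original order, plus the final REJECT.
RULES = """\
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.35.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.35.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/27 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(line):
    """Turn one '-A chain ...' line into a dict of the options this model handles."""
    tok = line.split()
    rule = {"src": "0.0.0.0/0", "proto": None, "dport": None, "target": None, "raw": line}
    for flag, key in (("-s", "src"), ("-p", "proto"), ("--dport", "dport"), ("-j", "target")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def verdict(ruleset, src, proto, dport):
    """First-match evaluation of a new connection; returns (target, matching rule)."""
    for rule in map(parse, ruleset.strip().splitlines()):
        if rule["proto"] not in (None, proto):
            continue
        if rule["dport"] not in (None, str(dport)):
            continue
        if ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"], strict=False):
            return rule["target"], rule["raw"]
    return "ACCEPT", "(chain policy)"  # falls through to the :INPUT ACCEPT policy

def open_to_any(ruleset, dport):
    """ACCEPT rules for dport that carry no -s restriction."""
    return [r["raw"] for r in map(parse, ruleset.strip().splitlines())
            if r["target"] == "ACCEPT" and r["dport"] == str(dport) and r["src"] == "0.0.0.0/0"]

def without_open(ruleset, dport):
    """The ruleset with the unrestricted ACCEPT rules for dport removed."""
    drop = set(open_to_any(ruleset, dport))
    return "\n".join(l for l in ruleset.strip().splitlines() if l not in drop)
```

Calling `verdict(RULES, "203.0.113.5", "tcp", 22)` returns the unrestricted port 22 rule as the match; the same call on `without_open(RULES, 22)` falls through to the REJECT line while hosts in the two listed subnets are still accepted.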
 

Author Comment

by:phoenix706
ID: 16896585
Awesome! Thanks!
0
