Sendmail - Is there a way to block all emails from being relayed, except the ones that are on the virtuser list?

Is there a way to block all emails from being relayed, except the ones that are on the virtuser list?

My server gets a lot of emails that I do not know where they come from, but they are being forwarded to outside domains and the from address is not from our users... This is not our SMTP server; it just receives the emails for some domains that we have hosted on this server and forwards them to our mail server and in some cases to outside email accounts (not on our servers)... My question is: can I use my virtuser list to validate the outgoing addresses? If it's not listed there it should not be forwarded anywhere; it must be discarded... Any help would be appreciated...

Spam control is set but it does not seem to work unless I list the TO address and select REJECT, but I can't do this for all of them; like today, when I looked it had over 1000 emails in the queue... If I try to use that server as SMTP from anywhere it does not allow the email to be relayed through it... So I have no idea where these emails are coming from...
ITMiami asked:
Hanno P.S. (IT Consultant and Infrastructure Architect) commented:
Usually, the default configuration for sendmail is NOT to relay emails.

First of all: Do you use M4 to set up your sendmail config or do you
tweak sendmail.cf manually? You should use m4.
a) Change into your directory with your config file *.mc
    # cd /usr/lib/sendmail-cf/cf/
    Make a copy of the *.mc file for your OS, using any name you like.
    # cp  <osfile>.mc  <myfile>.mc
b) Check to disable UUCP and BITNET relay and include some features:
    undefine(`UUCP_RELAY')dnl
    undefine(`BITNET_RELAY')dnl
    FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access')dnl
    FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
c) Create your sendmail.cf
    # make  <myfile>.cf
 
Hanno P.S. (IT Consultant and Infrastructure Architect) commented:
... copy <myfile>.cf to sendmail.cf:
    # cp /etc/mail/sendmail.cf  /etc/mail/sendmail.cf.SAVE
    # cp <myfile>.cf /etc/mail/sendmail.cf
and restart sendmail
    # /etc/rc.d/init.d/sendmail stop ; /etc/rc.d/init.d/sendmail start
 
Nopius commented:
> So I have no idea where these emails are coming from...

First we should find the source of your spam emails, and only then take some action.

1) What is in your /etc/mail/access?
2) What is in /var/log/maillog for those mails that are coming from nowhere?
In maillog, find a 'from' line with an unknown address, then find the message ID; it is just before "from", as in 'sendmail[32376]: m1CH6oDL032376: from=<xx@xxx.xx>', where the message ID is 'm1CH6oDL032376'. Then find all entries in your maillog with the same message ID: 'grep m1CH6oDL032376 /var/log/maillog'.

If you have problems with interpreting such log lines, post them here.

Most probably some of your clients are infected, so they allow relaying email through them. It is also possible that one of your clients hosts an open mail relay and uses your server for forwarding mail.
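The tracing method Nopius describes, as an added example that is not part of the thread: a few POSIX shell functions that pull the queue IDs for a given envelope sender out of a maillog, print every line belonging to one queue ID, list the hosts that submitted those messages (the relay= on the from= line is the connecting client; the relay= on a to= line is where the mail went), and count how many recipients were handed off to servers outside your own domain. The log lines are constructed to match the format posted later in the thread and use documentation addresses and domains; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread). sendmail gives every accepted message one
# queue ID (e.g. lBUKSmNH024861) that appears on its from= line and on every
# to= line, so grepping that ID reconstructs who submitted the message, from
# which host, and where it was delivered.

# Constructed sample log (RFC 5737 addresses and example domains; not real data).
SAMPLE_LOG="${TMPDIR:-/tmp}/maillog.sample.$$"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Dec 30 15:28:52 ns1 sm-mta[24861]: aAAAAAAA000001: from=<bogus@example.org>, size=4061, class=0, nrcpts=1, msgid=<1@spam>, proto=SMTP, daemon=MTA, relay=host1.example.net [192.0.2.10]
Dec 30 15:28:53 ns1 sm-mta[24866]: aAAAAAAA000001: to=<victim@remote.example>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=124061, relay=remote.example. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Dec 30 15:29:00 ns1 sm-mta[24869]: aAAAAAAA000002: from=<bogus@example.org>, size=3803, class=0, nrcpts=1, msgid=<2@spam>, proto=SMTP, daemon=MTA, relay=host1.example.net [192.0.2.10]
Dec 30 15:29:00 ns1 sm-mta[24887]: aAAAAAAA000002: to=<alias@hosted.example>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123803, relay=mail.hosted.example. [203.0.113.7], dsn=2.0.0, stat=Sent (ok)
Dec 30 15:29:04 ns1 sm-mta[24885]: aAAAAAAA000003: from=<someone@example.com>, size=3815, class=0, nrcpts=1, msgid=<3@x>, proto=SMTP, daemon=MTA, relay=host2.example.net [192.0.2.20]
Dec 30 15:29:04 ns1 sm-mta[24896]: aAAAAAAA000003: to=root, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=34021, dsn=2.0.0, stat=Sent
EOF

# queue_ids_for_sender LOG SENDER: queue IDs of messages whose envelope sender
# (from=<...>) is exactly SENDER, one per line.
queue_ids_for_sender() {
    grep -F "from=<$2>" "$1" \
      | sed -n 's/.*sm-mta\[[0-9]*\]: \([A-Za-z0-9]*\): from=.*/\1/p' \
      | sort -u
}

# trace_queue_id LOG QID: every log line that belongs to one queue ID.
trace_queue_id() {
    grep -F "$2: " "$1"
}

# submitting_hosts LOG SENDER: which clients handed us mail claiming to be from
# SENDER, most frequent first ("<count> <hostname> <ip>").
submitting_hosts() {
    grep -F "from=<$2>" "$1" \
      | sed -n 's/.*relay=\([^ ]*\) \[\([0-9.]*\)\].*/\1 \2/p' \
      | sort | uniq -c | sort -rn
}

# relayed_outside LOG SENDER LOCALDOMAIN: number of recipients of SENDER's
# messages that were delivered by esmtp to an address outside LOCALDOMAIN,
# i.e. the mail this host relayed for a stranger.
relayed_outside() {
    count=0
    for qid in $(queue_ids_for_sender "$1" "$2"); do
        n=$(trace_queue_id "$1" "$qid" | grep 'mailer=esmtp' \
              | grep -vc "to=<[^>]*@$3>" || true)   # grep -c exits 1 on zero matches
        count=$((count + n))
    done
    echo "$count"
}

echo "Hosts submitting mail as bogus@example.org:"
submitting_hosts "$SAMPLE_LOG" 'bogus@example.org'
for qid in $(queue_ids_for_sender "$SAMPLE_LOG" 'bogus@example.org'); do
    echo "--- $qid"
    trace_queue_id "$SAMPLE_LOG" "$qid"
done
echo "Recipients outside hosted.example: $(relayed_outside "$SAMPLE_LOG" 'bogus@example.org' 'hosted.example')"
```

Run it against the real file with the real sender (`queue_ids_for_sender /var/log/maillog 'jquutyhoiav@ifh.com'`, rotated logs included) and the submitting host is the one to block at the firewall or in the access map; a non-zero relayed_outside count is the relaying that should not be happening.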
 
ITMiami (author) commented:
Thanks for the replies: I use M4 to configure sendmail

here is the current one:

dnl# This is the default sendmail .mc file for Slackware.  To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mailserver.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_mail_from')dnl
dnl#FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
dnl#FEATURE(`dnsbl',`bl.spamcop.net',`Rejected - see http://spamcop.net/')dnl
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected -see http://www.spamhaus.org/')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl#INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav/clamav-dnl#milter.sock, F=, T=S:4m;R:4m')dnl
dnl#define(`confINPUT_MAIL_FILTERS', `clamav-milter')
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
 
ITMiami (author) commented:
Here is a section of the log with some of the emails:

Dec 30 15:28:52 ns1 sm-mta[24861]: lBUKSmNH024861: from=<jquutyhoiav@ifh.com>, size=4061, class=0, nrcpts=1, msgid=<507801c84b24$0e1d5b90$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:28:53 ns1 sm-mta[24860]: lBUKSmWH024860: from=<jquutyhoiav@ifh.com>, size=3858, class=0, nrcpts=1, msgid=<507701c84b24$0e1d5b90$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:28:53 ns1 sm-mta[24866]: lBUKSmNH024861: to=<46c7151f.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=124061, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKiwYo019268 Message accepted for delivery)
Dec 30 15:28:53 ns1 sm-mta[24868]: lBUKSmWH024860: to=<46c713fc.8070500@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123858, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKiwRM019270 Message accepted for delivery)
Dec 30 15:28:55 ns1 sm-mta[18996]: lBTDZnij029625: to=<zemily@boneglove.com>, delay=1+06:53:06, xdelay=00:03:09, mailer=esmtp, pri=6241987, relay=boneglove.com. [209.246.220.10], dsn=4.0.0, stat=Deferred: Connection timed out with boneglove.com.
Dec 30 15:29:00 ns1 sm-mta[24869]: lBUKSsV8024869: from=<jquutyhoiav@ifh.com>, size=3803, class=0, nrcpts=1, msgid=<508f01c84b24$12a8d720$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:00 ns1 sm-mta[24870]: lBUKSsll024870: from=<jquutyhoiav@ifh.com>, size=4122, class=0, nrcpts=1, msgid=<509001c84b24$12a8d720$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:00 ns1 sm-mta[24887]: lBUKSsV8024869: to=<0.dedicated@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123803, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6J9019298 Message accepted for delivery)
Dec 30 15:29:00 ns1 sm-mta[24889]: lBUKSsll024870: to=<46c71668.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=124122, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6U6019299 Message accepted for delivery)
Dec 30 15:29:01 ns1 sm-mta[24871]: lBUKSt1I024871: from=<jquutyhoiav@ifh.com>, size=3805, class=0, nrcpts=1, msgid=<509301c84b24$12d628b0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:01 ns1 sm-mta[24891]: lBUKSt1I024871: to=<46c7170a.5060004@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=123805, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKj6h8019302 Message accepted for delivery)
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ7FZTD004726: to=<darrow@pinkponk.com>, delay=4+13:13:26, xdelay=00:03:09, mailer=esmtp, pri=22082644, relay=pinkponk.com. [213.229.249.143], dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ8O0YO007965: to=<simply@infoback.com>, delay=4+12:05:01, xdelay=00:00:00, mailer=esmtp, pri=22173522, relay=no.com., dsn=4.0.0, stat=Deferred: Connection refused by no.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ6JCjx002259: to=<benjamin@pinkponk.com>, delay=4+14:09:49, xdelay=00:00:00, mailer=esmtp, pri=22533160, relay=pinkponk.com., dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ5lFsu000951: to=<changho2ephraim0@olgafilippova.com>, delay=4+14:41:46, xdelay=00:00:00, mailer=esmtp, pri=22621844, relay=mail.olgafilippova.com., dsn=4.0.0, stat=Deferred: Connection timed out with mail.olgafilippova.com.
Dec 30 15:29:01 ns1 sm-mta[4038]: lBQ5NoCM032581: to=<huey@pinkponk.com>, delay=4+15:05:11, xdelay=00:00:00, mailer=esmtp, pri=22803015, relay=pinkponk.com., dsn=4.0.0, stat=Deferred: Connection timed out with pinkponk.com.
Dec 30 15:29:04 ns1 sm-mta[24885]: lBUKSx3I024885: from=<jr131@bellsouth.net>, size=3815, class=0, nrcpts=1, msgid=<066a01c84b24$170ec950$7eb5c3d5@Rosalyn>, proto=SMTP, daemon=MTA, relay=gate.npnet.org [213.195.181.126]
Dec 30 15:29:04 ns1 sm-mta[24896]: lBUKSx3I024885: to=root, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=34021, dsn=2.0.0, stat=Sent
Dec 30 15:29:06 ns1 sm-mta[24893]: lBUKT2Ag024893: from=<jquutyhoiav@ifh.com>, size=3936, class=0, nrcpts=1, msgid=<509f01c84b24$1645d400$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24894]: lBUKT2xZ024894: from=<jquutyhoiav@ifh.com>, size=3989, class=0, nrcpts=1, msgid=<50a001c84b24$16484500$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24895]: lBUKT2GI024895: from=<jquutyhoiav@ifh.com>, size=3939, class=0, nrcpts=1, msgid=<50a201c84b24$1670dba0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:06 ns1 sm-mta[24899]: lBUKT2Ag024893: to=<admin@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123936, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCnB019313 Message accepted for delivery)
Dec 30 15:29:07 ns1 sm-mta[24901]: lBUKT2xZ024894: to=<aer@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123989, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCsv019315 Message accepted for delivery)
Dec 30 15:29:07 ns1 sm-mta[24903]: lBUKT2GI024895: to=<agm@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123939, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjCXb019317 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24905]: lBUKT7HS024905: from=<jquutyhoiav@ifh.com>, size=3881, class=0, nrcpts=1, msgid=<50b101c84b24$19cfe520$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:12 ns1 sm-mta[24904]: lBUKT7Iu024904: from=<jquutyhoiav@ifh.com>, size=3922, class=0, nrcpts=1, msgid=<50b001c84b24$19cfe520$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:12 ns1 sm-mta[24908]: lBUKT7HS024905: to=<bo_crisostomo@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123881, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjHfw019331 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24910]: lBUKT7Iu024904: to=<anta@MYDOMAIN.com>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=123922, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjIdF019332 Message accepted for delivery)
Dec 30 15:29:12 ns1 sm-mta[24906]: lBUKT82E024906: from=<jquutyhoiav@ifh.com>, size=3678, class=0, nrcpts=1, msgid=<50b401c84b24$19ec6dd0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:13 ns1 sm-mta[24912]: lBUKT82E024906: to=<dedicated@MYDOMAIN.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=123678, relay=ns2.MYDOMAIN.com. [MYIP.12], dsn=2.0.0, stat=Sent (lBUKjISv019335 Message accepted for delivery)
Dec 30 15:29:16 ns1 sm-mta[24920]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24921]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24922]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24923]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24924]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:16 ns1 sm-mta[24925]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75.81.145.172], reject=550 5.7.1 Access denied
Dec 30 15:29:17 ns1 sm-mta[24914]: lBUKTDnt024914: from=<jquutyhoiav@ifh.com>, size=3814, class=0, nrcpts=1, msgid=<50be01c84b24$1cb7c2d0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:17 ns1 sm-mta[24913]: lBUKTDcw024913: from=<jquutyhoiav@ifh.com>, size=3934, class=0, nrcpts=1, msgid=<50bd01c84b24$1cb551d0$90f0f147@Vicente>, proto=SMTP, daemon=MTA, relay=pool-71-241-240-144.washdc.fios.verizon.net [71.241.240.144]
Dec 30 15:29:17 ns1 sm-mta[24930]: ruleset=check_relay, arg1=CPE-75-81-145-172.wi.res.rr.com, arg2=75.81.145.172, relay=CPE-75-81-145-172.wi.res.rr.com [75



Thanks once again JUSTUNIX & NOPIUS
 
ITMiami (author) commented:
Here is my access file:

ttnet.net.tr      REJECT
85.104.44.112      REJECT
pldt.net            REJECT
asianet.co.th      REJECT
rzeszow.mm.pl      REJECT
tj.cn            REJECT
t-ipconnect.de      REJECT
belchatow.msk.pl      REJECT
telkom.net.id      REJECT
internetdsl.tpnet.pl      REJECT
mtu-net.ru      REJECT
primorye.ru      REJECT
airtelbroadband.in      REJECT
bol.net.in            REJECT
From:skings.net.co      OK
From:etbing.net.co      OK
rr.com            REJECT
happenhealth.com      REJECT
vtr.net            REJECT
mts-nn.ru            REJECT
virtua.com.br      REJECT


I don't know... This server is not used as SMTP by any client; it just acts as an MX for some domains and forwards all mail to another server on the network. There are no users here other than FTP accounts... I wish I could somehow use the virtusertable rules to validate emails coming in to the server; if it's not listed there, just discard the emails.

Thanks anyway
 
Hanno P.S. (IT Consultant and Infrastructure Architect) commented:
a) The feature `relay_mail_from' uses entries in your access map in the form
      From: xyz     RELAY
   See http://www.sendmail.org/m4/anti_spam.html#relay
b) You should not use
      LOCAL_DOMAIN(`localhost.localdomain')
    as you already have activated
      FEATURE(`use_cw_file')

    Remove the line or change it to read
      dnl LOCAL_DOMAIN(`localhost.localdomain')
    and check your /etc/mail/local-host-names file to include the domain names
    you relay email for.
    See http://www.sendmail.org/m4/features.html#use_cw_file
 
Nopius commented:
Hi, ITMiami.

I found you are using the VERY dangerous FEATURE(`relay_mail_from')dnl

http://www.sendmail.org/~ca/email/roaming.html

"This should only be used if absolutely necessary as sender address can be easily forged."

With this feature your mail host _is_ an open relay. That's an open door for spammers.

Your logs above are not enough to find who is sending those mails to domains that are not yours.
Please grep the entire log and find all lines with these job IDs:

grep lBTDZnij029625 maillog*
grep lBQ7FZTD004726 maillog*

Due to the long delay I can't point out the source of such messages.

BTW, I found my ISP's mail domain in your REJECT list.

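An added check, not from the thread or from sendmail itself: a shell script that lists the FEATUREs actually enabled in a .mc file (lines already starting with dnl are m4 comments and are skipped), flags the ones that relax relay or sender checks, and writes a hardened copy with those lines turned into m4 comments by prefixing dnl, ready for the m4 build steps given earlier in the thread. The sample .mc is a constructed fragment modelled on the file posted above, not the asker's file; the function names and the RELAY_WIDENING list are my choices. relay_mail_from is the feature this post is about; the others in the list are documented in sendmail's cf/README as relaxing relay or sender-address checks.

```shell
#!/bin/sh
# Added example (not from the thread). Audit a sendmail .mc file for FEATUREs
# that widen relaying beyond what the access map allows, and emit a hardened
# copy with those lines disabled. Feature list is my own selection.
RELAY_WIDENING='relay_mail_from promiscuous_relay relay_local_from relay_based_on_MX loose_relay_check accept_unresolvable_domains accept_unqualified_senders'

# Constructed fragment modelled on the asker's posted .mc (not that file).
SAMPLE_MC="${TMPDIR:-/tmp}/audit.sample.$$.mc"
trap 'rm -f "$SAMPLE_MC" "$SAMPLE_MC.hardened"' EXIT
cat > "$SAMPLE_MC" <<'EOF'
include(`../m4/cf.m4')
OSTYPE(`linux')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`relay_mail_from')dnl
dnl FEATURE(`accept_unresolvable_domains')dnl
MAILER(local)dnl
MAILER(smtp)dnl
EOF

# active_features FILE: names of the FEATUREs m4 will actually expand.
# A line beginning with dnl is a comment and is ignored, as m4 ignores it.
active_features() {
    awk -v q="'" '
        /^[ \t]*dnl/ { next }
        match($0, "^[ \t]*FEATURE\\(`[^" q "]*" q) {
            s = substr($0, RSTART, RLENGTH)
            sub("^[ \t]*FEATURE\\(`", "", s)   # drop leading FEATURE(`
            sub(q "$", "", s)                  # drop the closing quote
            print s
        }' "$1"
}

# relay_widening_features FILE: active features that are in RELAY_WIDENING,
# space-separated on one line. Exit status 1 when there are none, so the
# function doubles as a pass/fail check.
relay_widening_features() {
    found=''
    for f in $(active_features "$1"); do
        for bad in $RELAY_WIDENING; do
            if [ "$f" = "$bad" ]; then found="$found $f"; fi
        done
    done
    [ -n "$found" ] && echo "$found" | sed 's/^ //'
}

# harden_mc IN OUT: copy IN to OUT, prefixing "dnl " to every active
# relay-widening FEATURE line. Nothing else changes, so a diff of the two
# files shows exactly what you are about to rebuild sendmail.cf without.
harden_mc() {
    awk -v q="'" -v bad="$RELAY_WIDENING" '
        BEGIN { n = split(bad, list, " ") }
        {
            line = $0
            if (line !~ /^[ \t]*dnl/) {
                for (i = 1; i <= n; i++) {
                    if (line ~ ("^[ \t]*FEATURE\\(`" list[i] q)) { line = "dnl " line; break }
                }
            }
            print line
        }' "$1" > "$2"
}

echo "Relay-widening features enabled in $SAMPLE_MC:"
relay_widening_features "$SAMPLE_MC" || echo "(none)"
harden_mc "$SAMPLE_MC" "$SAMPLE_MC.hardened"
echo "Changes the hardened copy would make:"
diff "$SAMPLE_MC" "$SAMPLE_MC.hardened" || true
```

Point it at your real .mc, inspect the diff, then build the .cf from the hardened copy and restart sendmail as described above. Disabling relay_mail_from does not break legitimate forwarding of the domains you host: mail for recipients in local-host-names and the virtusertable is local delivery from sendmail's point of view, not relaying, so it is still accepted.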
 
Hanno P.S. (IT Consultant and Infrastructure Architect) commented:
I think you should start by:
- disable LOCAL_DOMAIN (as stated above)
- make a backup copy of your /etc/mail/access file
- remove all entries from /etc/mail/access except the two "From:" entries
  (if you really want to use the "relay_mail_from" feature)
- enter all host names (domain names) you relay for into /etc/mail/local-host-names
and proceed from there.
 
ITMiami (author) commented:
Thanks again guys,

JustUNIX, what should I enter in /etc/mail/local-host-names:

1 - the domains that are hosted on this server
or
2 - the domains that this server connects to in order to deliver the emails, e.g. bellsouth.net, ao.com etc.

thanks
 
Hanno P.S. (IT Consultant and Infrastructure Architect) commented:
The domains you relay for

Meaning: All the domains that must be either in the "from:" or "to:" fields of an email