FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-10-2010, 03:20 PM
"Simon Billis"
 
Default sendmail mail relay backscatter issue. Resolved

Dear Les et al,

Thanks for your assistance with this thorny issue. I have finally resolved
the problem by utilising the following:

1) I have added to the access map of sendmail all the domains that accept
mail for any user, user@domain for those email accounts that exist and hosts
that are internal to my network which will send mail via these boxes e.g.
internalhost RELAY
domain1 RELAY
user@domain2 RELAY
user@domain1 RELAY

2) I then appended to the end of this file reject lines to reject mail to
unknown users e.g.

domain2 REJECT

So now my access map looks like this:
internalhost RELAY
domain1 RELAY
user@domain2 RELAY
user@sub.domain1 RELAY
domain2 REJECT
sub.domain1 REJECT


3) I created a relay-domains file and added to that all the domains that I
was going to relay for e.g.

domain1
domain2
etc.

4) restarted sendmail (which rebuilt access.db and allowed sendmail to read
in the relay-domains file)

My mail scanners now accept mail for relay/scanning from my internal hosts
to any address, from external hosts to mail accounts that exist and to any
account at a domain that has a catch all account setup. All other mail is
rejected with either "Access denied" or Mailbox for this user is disabled".

All this was achieved using a shell script to find the domains from the
qmail server (pop host) and parse the .qmail-* files for each domain and
account and build the relevant files. As this is a live service which has
the potential to change this script is run via cron on a regular basis to
catch the changes. Currently on the pop host this takes about 10 mins to run
as it is trawling the filesystem for changes (due to legacy accounts being
manually created outside of out provisioning tools negating the opportunity
to use the database that exists.)

Thanks again for your help and comments, they were and continue to be very
useful.

Rgds

Simon.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org