Re: sendmail relaying on FreeBSD 5.4

From: John Rushford (jrushford21_at_comcast.net)
Date: 05/18/05

    Date: Tue, 17 May 2005 20:30:07 -0600
    
    

    John Rushford wrote:
    >
    > John Rushford wrote:
    >
    >> Greetings,
    >>
    >> I have a mail server running FreeBSD 5.4 and assumed that relaying was
    >> denied by default. I have found that on my machine this is not
    >> the case; the machine will relay email. The only change that I made
    >> was to add smtp authentication, handbook procedure, to the m4
    >> configuration file. I found that a misconfigured mail client not
    >> set up with smtp authentication could still send email through the
    >> machine.
    >>
    >> Can someone help me with the configuration info I need to deny
    >> relaying and only allow clients that authenticate to send email
    >> through the machine. I have looked through the handbook and cannot
    >> find this info.
    >>
    >> thanks
    >> John Rushford
    >> jjr@alisa.org
    >
    >
    > I found the problem, relaying is denied if you are using smtp. I didn't
    > mention that I am using stunnel on this server and that the mail client
    > is set up to use SSL smtps on port 465. When the client sends an email
    > to port 465 after it gets thru the SSL wrapper the email is then sent to
    > smtp port 25 and the relay host is then identified as localhost and the
    > email gets through un-authenticated.
    >
    > Is this a bug? How can I configure the mail server to require
    > authentication even when coming from localhost as I do not want people
    > to use my email server as relay via SSL and port 465?
    >
    > thanks
    > John Rushford
    > jjr@alisa.org

    Ok, I have my own thread going :)

    I found and tested a solution for the problem. On my main network
    interface I created an alias using an RFC 1918 IP address such as
    192.168.0.1. Then in the stunnel.conf file, I added this configuration
    entry and re-started stunnel:

    local = 192.168.0.1

    Now stunnel binds the outgoing IP to 192.168.0.1 instead of 127.0.0.1
    and the un-wrapped email relay is identified by sendmail as 192.168.0.1.
    Since it's not listed in relay-domains the email is rejected with the
    message "Relaying denied" if the client does not authenticate.

    Does anyone see any problem with this method?

    Sorry for posting my troubleshooting here but perhaps it might help
    someone else.
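
An added example, not part of the original post: a small Python check that reads a stunnel.conf and reports services that forward to the local SMTP port from a loopback source, which is the condition described above where sendmail sees the client as localhost. The sample configuration (service name `smtps`, `accept = 465`, `connect = 25`) is constructed from the description in the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the wrapper setup described in the post, before the fix.
BEFORE = """\
; constructed sample stunnel.conf
[smtps]
accept = 465
connect = 25
"""

# The same service with the post's fix applied.
AFTER = BEFORE + "local = 192.168.0.1\n"

SMTP_PORTS = {"25", "smtp"}


def is_loopback(host):
    """True for 'localhost', an empty host (nothing set), 127.0.0.0/8 or ::1."""
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here


def parse_services(text):
    """Return {section: {option: value}} for the [service] sections."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return services


def loopback_smtp_services(text):
    """Names of services that hand traffic to local SMTP from a loopback source."""
    flagged = []
    for name, opts in parse_services(text).items():
        host, _, port = opts.get("connect", "").rpartition(":")
        to_local_smtp = port in SMTP_PORTS and is_loopback(host)
        if to_local_smtp and is_loopback(opts.get("local", "")):
            flagged.append(name)
    return flagged
```

`loopback_smtp_services(BEFORE)` reports the `smtps` service, and the same call on `AFTER` reports nothing because the outgoing source is no longer a loopback address.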

