Classnotes | UNIX02 | RecentChanges | Preferences No diff available--this is the first major revision.
(no other diffs)Before we break today, we should look at some "gotchas" to be aware of with respect to Sendmail.
Many older versions of Sendmail come with open relaying enabled by default. However, if you are using any reasonably modern Linux or BSD (from within the last four years or so) Sendmail will have open relaying disabled by default.
Because there may be a number of times when relaying is needed in a limitted or controlled way, Sendmail has had several relaying features added. The access database is perhaps the safest way to enable controlled relaying, and it is covered on page 592 of the book. However, some quick methods that may be fraught with problems follow:
These allow relaying across your local domain, a list of domains, a file containing a list of domains, or a list contained in the access database respectively. You will need to make an exception if you use SMART_HOST or MAIL_HUB designations to route mail through. The server which relays will have to have the FEATURE(`relay_entire_domain') enabled.
These features are all fraught with problems. promiscuous_relay will turn your server into an open relay. Do not use it. relay_based_on_MX can be problematic because you do not control what sites point their MX at you, thus forgeries can be quite simple. loose_relay_check will solve many configuration headaches elsewhere, but allows a "% hack" form of addressing spammers abuse (see page 518). relay_local_from trusts the from address associated with the message, and can be very easily forged (in fact, on many servers which are misconfigured, this is the #1 source of spam).
Local Delivery Only
Occassionally, you will encounter a system which, by default, only allows local mail to be delivered locally. This means users on the system can send mail to other users on the system, and to the outside world, but external mail is rejected.
If you find a system which is behaving this way, the following entry is the likely culprit in your sendmail.mc file: