TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:17174] Sendmail AntiRelaying
As has been mentioned previously, the mechanism for restricting SMTP
relay within sendmail differ. You need at least version 8.8. Version
8.10 is the current release.
Checking for an open relay is pretty easy. First, log in to a machine
outside your network, someplace that your SMTP server should consider
"the outside world" and thus hostile (or at least worthy of greater
scruitiny).
Then use "telnet" to talk to your SMTP server. Mine is known as
mx.snookles.com. The stuff I actually type has a ">>> " prefix; don't
try typing it yourself. :-)
% telnet mx.snookles.com 25
Trying 137.192.130.129...
Connected to mx.snookles.com.
Escape character is '^]'.
220 fw.snookles.com ESMTP Sendmail Pro-8.10.0.Beta2/Pro-8.10.0.Beta2; Wed, 3 May 2000 13:22:44 -0500 (CDT)
>>> helo asdf
250 fw.snookles.com Hello fritchie@freenet.msp.mn.us [206.8.96.2], pleased to meet you
>>> mail from: <foo@bar.com>
250 2.1.0 <foo@bar.com>... Sender ok
>>> rcpt to: <foo@bar.com>
550 5.7.1 <foo@bar.com>... Relaying denied
>>> quit
221 2.0.0 fw.snookles.com closing connection
Connection closed by foreign host.
Note that I'm not following the SMTP RFCs to the letter, e.g. incomplete
"HELO" info, not using uppercase. The big thing you're looking for is
a
permanent error code, 5xx, when listing a recipient that your server
isn't responsible for delivering to. If you get a "250" sender ok
response, you've got an open relay.
-Scott