[plug] sendmail anti-relay help needed

John Summerfield summer at os2.ami.com.au
Thu Sep 17 10:34:35 WST 1998


On Tue, 15 Sep 1998, Lindsay Allen wrote:

> 
> Hello John,
> 
> Thanks for the tip.
> 
> The story is that I got picked on by ORBS for running an open relay and
> had to do something fairly fast.  I had been running 8.8.x and had just
> upgraded to 8.9.1 to see if that helped.  What I had read in the docs
> suggested that further editing was needed.
> 
> Now ORBS is off my back but my users cannot send mail.  Jeeeze!  The
> sendmail web page says that "FEATURE(relay_entire_domain)" will fix it but

As I said, the spammers can't relay off you.

I create a file emu.mc:
[root at emu cf]# cat emu.mc 
divert(-1)
include(`../m4/cf.m4')dnl
define(`confDEF_USER_ID',``8:12'')dnl
OSTYPE(`linux')dnl
define(`confTO_QUEUEWARN', 19h)dnl
define(`confTO_QUEUEWARN_NORMAL', 19h)dnl
define(`confTO_QUEUEWARN_URGENT', 12h)dnl
define(`confTO_QUEUEWARN_NONURGENT', 24h)dnl
DOMAIN(`Summerfield')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`SMART_HOST',`os2.ami.com.au')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
FEATURE(redirect)dnl
FEATURE(nouucp)dnl
FEATURE(relay_local_from)dnl
dnl FEATURE(
dnl FEATURE(
dnl FEATURE(
FEATURE(always_add_domain)dnl
FEATURE(domaintable)dnl
FEATURE(relay_entire_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_AS(OS2.ami.com.au)dnl
MASQUERADE_DOMAIN(os2.ami.com.au)dnl

dnl HACK(check_mail3,`hash -a at JUNK /etc/mail/deny')dnl
dnl HACK(use_ip,`/etc/mail/ip_allow')dnl
dnl HACK(use_names,`/etc/mail/name_allow')dnl
dnl HACK(use_relayto,`/etc/mail/relay_allow')dnl
dnl HACK(check_rcpt4)dnl
dnl HACK(check_relay3)dnl

MAILER(procmail)dnl
MAILER(smtp)dnl
[root at emu cf]# 

DOMAIN refers to:
[root at emu cf]# cat /usr/lib/sendmail-cf/domain/Summerfield.m4
divert(-1)
#

#
#  The following is a generic domain file.  You should be able to
#  use it anywhere.  If you want to customize it, copy it to a file
#  named with your domain and make the edits; then, copy the appropriate
#  .mc files and change `DOMAIN(generic)' to reference your updated domain
#  files.
#
divert(0)
VERSIONID(`@(#)Summerfield.m4   8.3 (Berkeley) 3/24/96')
define(`confFORWARD_PATH', `$z/.forward.$w:$z/.forward')dnl
undefine(`UUCP_RELAY')
undefine(`BITNET_RELAY')
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(always_add_domain)dnl

[root at emu cf]# 


emu does my internetting and relays via os2.ami.com.au which has a similar
config, but doesn't need to use a relay.

Note that lines beginning "dnl" are comments: mostly vestiges from an
earlier sendmail.

I build it thus:
[root at emu cf]# cat mk
#!/bin/sh
m4 /usr/lib/sendmail-cf/m4/cf.m4 /usr/lib/sendmail-cf/cf/emu.mc >/usr/lib/sendmail-cf/cf/emu.cf
less /usr/lib/sendmail-cf/cf/emu.cf
echo mv /usr/lib/sendmail-cf/cf/emu.cf /etc/sendmail.cf


Note the last line's an echo so I can mark & paste should I decide I like
it.

Additionally I have
[root at emu cf]# ls /etc/mail
total 64
drwxr-xr-x   2 root     root         1024 Sep 14 10:21 .
drwxr-xr-x  25 root     root         3072 Sep 16 19:58 ..
-rw-r--r--   1 root     root          206 Jun  3 22:17 Makefile
-rw-r--r--   1 root     root            0 May 21 00:52 access
-rw-r--r--   1 root     root        16384 Sep 14 10:27 access.db
-rw-r--r--   1 root     root         1281 Aug 31 12:19 aliases
-rw-r--r--   1 root     root        16384 Sep 14 10:27 aliases.db
-rw-r--r--   1 root     root          628 Jun  3 22:16 deny
-rw-r--r--   1 root     root        16384 Jun  3 22:20 deny.db
-rw-r--r--   1 root     root            0 May 21 00:52 domaintable
-rw-r--r--   1 root     root        16384 Sep 14 10:27 domaintable.db
-rw-r--r--   1 root     root          148 May  9 22:14 ip_allow
-rw-r--r--   1 root     root            0 Jun  3 21:40 ip_deny
-rw-r--r--   1 root     root            0 May 21 00:52 mailertable
-rw-r--r--   1 root     root        16384 Sep 14 10:27 mailertable.db
-rw-r--r--   1 root     root            0 May 21 00:52 majordomo
-rw-r--r--   1 root     root            0 Jun  3 21:41 name_allow
-rw-r--r--   1 root     root            0 May 21 00:52 relay-domains
-rw-r--r--   1 root     root            0 Jun  3 21:40 relay_allow
-rw-r--r--   1 root     root            0 May 21 00:52 sendmail.ct
-rw-r--r--   1 root     root           63 Sep 14 10:21 sendmail.cw
-r--r--r--   1 root     mail         5174 May 21 00:52 sendmail.hf
-rw-r--r--   1 root     root            0 May 21 00:52 virtusertable
-rw-r--r--   1 root     root        16384 Sep 14 10:27 virtusertable.db
[root at emu cf]# 

Of these, I've only changed one:
[root at emu cf]# cat /etc/mail/sendmail.cw
possum.os2.ami.com.au
emu.os2.ami.com.au
quokka.os2.ami.com.au
[root at emu cf]# 


> I cannot find how to actually implement it.
> 
> I tried editing sendmail.mc like this:
> 
> OSTYPE(debian)dnl
> FEATURE(accept_unqualified_senders)dnl
> FEATURE(relay_entire_domain)dnl
> FEATURE(masquerade_envelope)dnl
> 
> and then ran sendmailconfig.  No joy for some reason, though the
> "FEATURE(accept_unqualified_senders) bit worked.


My config relays well. I have one problem though: if I use sendmail  direct
to mail to the outside world, I get addresses rewritten okay BUT when emu
talks to os2.ami.com.au, it says mail's coming from summer at emu... which
doesn't resolve and so gets bounced back to me.

However, as you can see, mail sent with pine's fine. If anyone's got any
idea (other than mentioning myself as a trusted user in sendmail.cf),
please say so.



Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.



More information about the plug mailing list