Need to close Open Relay

I could use a nudge in the right direction. I was called a while back from someone at my ISP telling me that I was running an open relay and that my machine was spamming. I thought I had that fixed, but apparently not. I went through and did the Documented file on this site (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.html)

I was under the impression that with AUTH set, that anyone trying to relay mail through my server would require a login and pass. It works great for that, but it is rejecting mail from the outside world TO users in my system. I haven't had the machine on in months, because I just got frustrated.

I would greatly appreciate any help.

/etc/mail/access:
Code:
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1                       RELAY

# Allow Connect from local server IPs
Connect:192.168.1               OK

# Accept Mail
# paypal.com                    OK


# Reject Mail
posterclub@e.allposters.com     REJECT
posterclub@email.allposters.com REJECT
plastmarket.com                 REJECT

/etc/mail/hermes.mc:
Code:
divert(-1)
divert(0)

VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
FEATURE(relay_entire_domain)
FEATURE(`authinfo')dnl
MASQUERADE_AS(`SpreadSpectrum.net')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl

dnl FEATURE(`SMART_HOST', `spreadspectrum.net')dnl

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected'')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
dnl DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=465, Name=MTA-TLS, M=a')dnl
DAEMON_OPTIONS(`Name=IPv4, Port=25, Family=inet, Modifiers=a, Name=MTA-TLS')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl

dnl SSL Options
define(`confCACERT_PATH',`/etc/CertAuth')dnl
define(`confCACERT',`/etc/CertAuth/new.crt')dnl
define(`confSERVER_CERT',`/etc/CertAuth/new.crt')dnl
define(`confSERVER_KEY',`/etc/CertAuth/myca.key')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl

MAILER(local)
MAILER(smtp)
 
My guess is: if you have pop-before-smtp or smtp-auth configured, you can remove the relay entries in your /etc/mail/access
Code:
# localhost.localdomain           RELAY
# localhost                       RELAY
# 127.0.0.1                       RELAY
# 192.168.1                       RELAY
If you have a /etc/mail/relay-domains file, remove its relay domain entries too.
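Added example, not part of either post: a small Python audit of the two files shown in this thread. It lists access-map keys granted RELAY beyond loopback, active relay-widening FEATUREs, and DAEMON_OPTIONS listeners whose Modifiers include `a` (sendmail's "always require authentication" flag). The sample strings are constructed from the posted files and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the access map and .mc file posted above
ACCESS = """\
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1                       RELAY
Connect:192.168.1               OK
plastmarket.com                 REJECT
"""
MC = """\
FEATURE(relay_entire_domain)
dnl FEATURE(relay_based_on_MX)
DAEMON_OPTIONS(`Name=IPv4, Port=25, Family=inet, Modifiers=a, Name=MTA-TLS')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
"""

LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1"}
RELAY_FEATURES = {"relay_entire_domain", "relay_based_on_MX", "promiscuous_relay"}

def audit_access(text):
    """Return access-map keys granted RELAY that are not loopback names."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].upper() == "RELAY":
            key = fields[0].split(":", 1)[-1]  # drop a Connect:/To: style tag
            if key.lower() not in LOOPBACK:
                found.append(key)
    return found

def audit_mc(text):
    """Return (active relay-widening features, ports that demand AUTH)."""
    features, auth_ports = [], []
    for line in text.splitlines():
        if line.lstrip().startswith("dnl"):  # m4 comment, not active
            continue
        m = re.match(r"\s*FEATURE\(`?(\w+)", line)
        if m and m.group(1) in RELAY_FEATURES:
            features.append(m.group(1))
        m = re.match(r"\s*DAEMON_OPTIONS\(`([^']*)'", line)
        if m:
            opts = dict(o.strip().split("=", 1) for o in m.group(1).split(",") if "=" in o)
            if "a" in opts.get("Modifiers", opts.get("M", "")):
                auth_ports.append(opts.get("Port", "smtp"))  # sendmail default port
    return features, auth_ports

print(audit_access(ACCESS), audit_mc(MC))
```

A listener on port 25 reported in the second list refuses unauthenticated inbound mail from other servers, while a RELAY entry for a network prefix lets every host in that prefix relay without AUTH.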