Sendmail local only.....

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Jan 23 09:27:05 PST 2008


Agus wrote:
 
> Maybe I wasn't clear... but with the options you gave me, Giorgos, I still can
> send email from localhost to external servers, like hotmail for instance,
> through telnet... I want to disable this, so it can only send mails to
> local accounts...
> This is because this will be an open server with ssh access, so anyone with
> access will be able to send mails to everywhere, so I don't want this to
> happen...

Hmm... It's actually pretty hard to stop an MTA from being able to
send e-mail, given that is what it is designed to do.

A quick fix would be to use the firewall on the box to block connections
to port 25 outgoing.  E.g. with pf(4):

   block log out on $ext_if proto tcp \
	from any to any port smtp

However, this will lead to outgoing messages clogging up the mail spool,
typically for five days, instead of being immediately rejected.

You could try a custom sendmail configuration without the SMTP mailer
-- just delete the line saying:

   MAILER(smtp)

at the end of `hostname`.mc and generate a sendmail .cf file in the
usual way (i.e. 'make all install').  I am, however, not at all sure that
even works -- sendmail documentation basically says the smtp mailer
is mandatory.

Another approach worth trying would be to use a wildcard mailertable
entry that redirects any mail back to root on the local machine:


   localhost	  local:
   your.host.name local:
   .	          local:root

or replace the last line with:

   .              error:Mail to external sites not allowed

in order to reject the message instantly.  This is all untried, so
no guarantees of success, but experimenting along one or more of those
lines should achieve what you want.

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
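An added example, not part of the original post: a small audit of a mailertable like the one suggested above, checking that every route ends in the `local` or `error` mailer and that a `.` catch-all exists. The lookup order (exact host, then dotted parent domains, then `.`) follows the mailertable description in sendmail's cf/README; treating only `local` and `error` as "stays on the host" is an assumption, and the sample table is constructed.

```python
# Added example: audit a sendmail mailertable for routes that leave the host.
LOCAL_ONLY_MAILERS = {"local", "error"}  # assumption: these never leave the host

# Constructed sample: the table from the post, with its placeholder host name.
SAMPLE = """\
localhost       local:
your.host.name  local:
.               error:Mail to external sites not allowed
"""

def parse_mailertable(text):
    """Return {key: (mailer, rest)}; keys and mailer names are lower-cased."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no route
        parts = line.split(None, 1)
        if len(parts) != 2 or ":" not in parts[1]:
            raise ValueError(f"line {lineno}: expected 'key mailer:host'")
        mailer, rest = parts[1].split(":", 1)
        table[parts[0].lower()] = (mailer.lower(), rest)
    return table

def lookup(table, domain):
    """Resolve a recipient domain: exact key, dotted parents, then '.'."""
    domain = domain.lower().rstrip(".")
    if domain in table:
        return table[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return table.get(".")  # None: no match, normal delivery applies

def audit(table):
    """List findings that would let mail leave the machine."""
    findings = []
    if "." not in table:
        findings.append("no '.' catch-all: unlisted domains use normal delivery")
    for key, (mailer, _) in sorted(table.items()):
        if mailer not in LOCAL_ONLY_MAILERS:
            findings.append(f"{key!r} routes to mailer {mailer!r}")
    return findings

if __name__ == "__main__":
    print(audit(parse_mailertable(SAMPLE)) or "no external routes found")
```

This checks the source text only; the live behaviour still has to be confirmed on the host after the map and .cf are rebuilt.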