sendmail: open-relay
Peter Ulrich Kruppa
ulrich at pukruppa.net
Mon Jan 4 13:18:00 UTC 2010
On Monday, 04.01.2010, at 13:02 +0000, Matthew Seaman wrote:
> Peter Ulrich Kruppa wrote:
> > Hi,
> >
> > I am running my own small mail-server, i.e. I use my desktop pc for
> > sending and receiving my private mails.
> > That worked quite nicely the last years. From time to time I tested my
> > mail-server via abuse.net's mail-relay tester. - Never got any
> > positives.
> > Now suddenly I receive one:
> > This is a test of third-party mail relay, generated via the
> > Network Abuse Clearinghouse at http://www.abuse.net.
> >
> > Target host = 213.146.114.24 pukruppa.net
> > Test performed by <ulrich at pukruppa.net> from 213.146.114.24
> >
> > A well-configured mail server should NOT relay third-party email.
> > Otherwise, the server is subject to abuse by vandals and spammers,
> > and probable blacklisting by recipients of the unwanted third-party
> > e-mail.
> > Of course I had some fun trying to read sendmail's documentation. But I
> > guess I need some help with this.
> >
> > I am running FreeBSD -STABLE 8.0 amd64 .
> > I don't think I ever played around with sendmail's configuration. I just
> > use it as it came out of the box.
> >
> > Any ideas?
>
> Plenty. But it would help a great deal if you showed us your
> ${hostname}.mc.
> The default sendmail config in FreeBSD isn't an open relay. In fact,
> it takes a bit of effort to make sendmail do open relay type stuff nowadays,
> and there are big fat warnings in the docco (/usr/share/sendmail/cf/README)
> about most of those.
O.K. this is my complete pukruppa.net.mc
--------------------------------------------
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by the University of
# California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This is a generic configuration file for FreeBSD 5.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3 2008/08/31 18:26:27 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', ``"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}'')
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
-----------------------------------------
Greetings
Uli.
>
> Cheers,
>
> Matthew
>
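
An added example, not part of the original post or of sendmail itself: a small audit of an `.mc` file for the relay-widening FEATUREs that cf/README warns about, ignoring `dnl` comments and the diverted header, plus a listing of RELAY entries in the access map. The function names, the `WEAK_MC` counter-example and the access entries are constructed for illustration.

```python
import re

# FEATURE() names from sendmail's cf/README that widen who may relay.
RELAY_FEATURES = {
    "promiscuous_relay": "relays for any client (open relay)",
    "relay_entire_domain": "relays for every host in the local domains",
    "relay_based_on_MX": "relays for any domain whose MX points here",
    "relay_local_from": "trusts a local-looking envelope sender",
    "relay_mail_from": "relays by envelope sender marked RELAY in access",
    "loose_relay_check": "relaxes the recheck of user%site@host recipients",
}

def active_lines(mc_text):
    """Yield only the text m4 would expand: no dnl tails, no diverted header."""
    diverted = False
    for line in mc_text.splitlines():
        code = re.sub(r"\bdnl\b.*", "", line).strip()
        if "divert(-1)" in code:
            diverted = True
        elif "divert(0)" in code:
            diverted = False
        elif code and not diverted and not code.startswith("#"):
            yield code

def relay_features(mc_text):
    """Return the relay-widening features that are really switched on."""
    names = []
    for code in active_lines(mc_text):
        names += re.findall(r"FEATURE\(\s*`?(\w+)", code)
    return [n for n in names if n in RELAY_FEATURES]

def access_relay_keys(access_text):
    """Return the keys of /etc/mail/access lines whose action is RELAY."""
    rows = (l.split("#", 1)[0].split() for l in access_text.splitlines())
    return [r[0] for r in rows if len(r) >= 2 and r[1].upper() == "RELAY"]

# Lines copied from the posted pukruppa.net.mc (header comment shortened).
POSTED_MC = """divert(-1)
# This is a generic configuration file for FreeBSD 5.X and later systems.
divert(0)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
dnl FEATURE(relay_based_on_MX)
"""
WEAK_MC = "FEATURE(`promiscuous_relay')dnl\nFEATURE(relay_based_on_MX)\n"  # constructed
ACCESS = "# sample\nConnect:127.0.0.1 RELAY\nConnect:192.0.2 RELAY\nexample.invalid REJECT\n"  # constructed

if __name__ == "__main__":
    print(relay_features(POSTED_MC), relay_features(WEAK_MC), access_relay_keys(ACCESS))
```
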