I have sendmail 8.12.8 running on Solaris 8 accepting mail for around
400 domains (in relay-domains file). I filter the email for spam
and viruses, then forward the email on to the customer's MTA (via
mailertable.)
All has been going quite well for the last 18 months but today one of my
customers alerted me to the fact that he could relay through my server.
Even though I only allow relaying to the domains of my customers, he was
able to send emails to his mother-in-law on worldnet.att.net, not in my
relay-domains file.
# echo "/map mailertable worldnet.att.net" | /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> map_lookup: mailertable (worldnet.att.net) no match (0)
>
#
As you can see from the log entries, he did it from two different
workstations - same class C block.
Mar 20 14:52:46 hbg-serveredx sendmail[20502]: [ID 801593 mail.info] nrcpts=1, proto=SMTP, daemon=MTA-v4, relay=mutts.ardemgaz.com [12.109.201.17]
Mar 20 14:53:03 hbg-serveredx sendmail[20600]: [ID 801593 mail.info] xdelay=00:00:16, mailer=esmtp, pri=120106, relay=gateway2.worldnet.att.net. [12.102.240.23], dsn=2.0.0, stat=Sent (ok ; id=200303201952471140023h3fe)
Mar 20 14:59:55 hbg-serveredx sendmail[25222]: [ID 801593 mail.info] nrcpts=1, proto=SMTP, daemon=MTA-v4, relay=ads.ardemgaz.com [12.109.201.9]
Mar 20 15:00:13 hbg-serveredx sendmail[25426]: [ID 801593 mail.info] xdelay=00:00:16, mailer=esmtp, pri=120106, relay=gateway2.worldnet.att.net. [12.102.240.23], dsn=2.0.0, stat=Sent (ok ; id=2003032019595701300d1dh2e)
I get hundreds of relay attempts every day (yesterday ~700 relay attempts
vs 244000 emails successfully sent through the server) but this is the
first evidence I've seen of relaying allowed. Here is my sendmail.mc
divert(0)dnl
VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $')
OSTYPE(solaris8)dnl
DOMAIN(generic)dnl
define(`confTO_IDENT',`0s')dnl
define(`confMILTER_LOG_LEVEL', 8)dnl
define(`SMTP_MAILER_FLAGS',`C')dnl
FEATURE(`nocanonify')dnl
FEATURE(`access_db', `dbm -T<TMPF> /etc/mail/access')dnl
FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')dnl
FEATURE(`mailertable', `dbm /etc/mail/mailertable')dnl
FEATURE(`genericstable', `dbm /etc/mail/genericstable')dnl
FEATURE(`smrsh',`/usr/lib/smrsh')dnl
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`blacklist_recipients')dnl
R:5m;E:11m')dnl (word wrapped here - on one line in my file)
MAILER(local)dnl
MAILER(smtp)dnl
Sorry for the long post. Any ideas? TIA.
--
Mark Frank - CCNP, CCDP
Networking Engineer - Network Services LLC
mfrank at networkservices dot net
"The fix is only temporary...unless it works." - Red Green
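The post's own check was a single mailertable lookup plus two pairs of log lines with the queue ids and from=/to= fields stripped. An added example (not from the poster or the sendmail project) of the audit a gateway operator would want to run over the whole maillog: correlate the inbound from= entry with its outbound to= entries by queue id, and flag every message that arrived over SMTP and was handed to the esmtp mailer for a domain that neither relay-domains nor the local host names cover. The log lines, queue ids, host names and the two domain sets below are constructed stand-ins; the parser assumes the stock sendmail log layout (queue id, then comma-separated key=value fields, with the Solaris `[ID ... mail.info]` tag seen in the post tolerated), and matches relay-domains entries against subdomains as sendmail's `$=R` class does when `relay_hosts_only` is not in use.

```python
"""Audit sendmail maillog entries for relaying to domains outside relay-domains.

Added example, not code from the original post.  Assumptions: the stock
sendmail log format (queue id followed by comma-separated key=value fields);
a message counts as relayed when it arrived over SMTP (its from= line carries
a daemon= field) and was handed to the esmtp/smtp/relay mailer for a
recipient whose domain is neither local nor covered by relay-domains.
"""
import re
from collections import defaultdict

# Constructed sample log lines: the post's excerpt omitted queue ids and the
# from=/to= fields.  Hosts and addresses use reserved example names only.
SAMPLE_LOG = """\
Mar 20 14:52:46 mx sendmail[20502]: [ID 801593 mail.info] h2KJqkQ20502: from=<alice@customer-a.example>, size=1234, class=0, nrcpts=1, proto=SMTP, daemon=MTA-v4, relay=ws1.customer-a.example [192.0.2.17]
Mar 20 14:53:03 mx sendmail[20600]: [ID 801593 mail.info] h2KJqkQ20502: to=<bob@other.example>, delay=00:00:17, xdelay=00:00:16, mailer=esmtp, pri=120106, relay=mx.other.example. [198.51.100.23], dsn=2.0.0, stat=Sent (ok ; id=constructed)
Mar 20 14:55:00 mx sendmail[20700]: [ID 801593 mail.info] h2KJtAQ20700: from=<carol@outside.example>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA-v4, relay=mail.outside.example [203.0.113.5]
Mar 20 14:55:10 mx sendmail[20710]: [ID 801593 mail.info] h2KJtAQ20700: to=<dave@news.customer-b.example>, delay=00:00:10, xdelay=00:00:09, mailer=esmtp, pri=120100, relay=mail.customer-b.example. [192.0.2.40], dsn=2.0.0, stat=Sent (ok)
Mar 20 15:01:00 mx sendmail[20800]: [ID 801593 mail.info] h2KK10Q20800: from=root, size=300, class=0, nrcpts=1, relay=root@localhost
Mar 20 15:01:05 mx sendmail[20810]: [ID 801593 mail.info] h2KK10Q20800: to=<ops@other.example>, delay=00:00:05, xdelay=00:00:04, mailer=esmtp, pri=30300, relay=mx.other.example. [198.51.100.23], dsn=2.0.0, stat=Sent (ok)
"""

# Constructed stand-ins for /etc/mail/relay-domains and /etc/mail/local-host-names.
RELAY_DOMAINS = {"customer-a.example", "customer-b.example"}
LOCAL_DOMAINS = {"mx.example"}

# syslog prefix, optional Solaris message-id tag, queue id, then the fields
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sendmail\[\d+\]: "
    r"(?:\[ID \d+ [\w.]+\] )?"
    r"(?P<qid>\w+): (?P<fields>.*)$"
)
# key=value pairs; angle-bracketed values may contain commas, others may not
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]*)")


def parse_line(line):
    """Return (queue_id, {field: value}) for a sendmail log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("qid"), dict(FIELD_RE.findall(m.group("fields")))


def address_domain(addr):
    """Lowercased domain of an address such as <User@Host.Example.>, or None."""
    addr = addr.strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_allowed(domain, allowed):
    """A relay-domains entry covers the domain itself and all its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def load_domain_file(path):
    """Read a one-domain-per-line file such as /etc/mail/relay-domains."""
    with open(path) as fh:
        return {ln.strip().lower() for ln in fh if ln.strip() and not ln.startswith("#")}


def find_unexpected_relays(log_text, relay_domains, local_domains=frozenset()):
    """Correlate inbound and outbound entries by queue id and return every
    delivery that relayed an SMTP-received message to a foreign domain."""
    inbound = {}                  # qid -> from= fields of messages received over SMTP
    outbound = defaultdict(list)  # qid -> to= fields handed to an SMTP mailer
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        qid, f = parsed
        if "from" in f and "daemon" in f:  # daemon= marks an SMTP arrival, not local submission
            inbound[qid] = f
        elif "to" in f and f.get("mailer") in ("esmtp", "smtp", "relay"):
            outbound[qid].append(f)
    allowed = {d.lower().rstrip(".") for d in set(relay_domains) | set(local_domains)}
    findings = []
    for qid, recips in outbound.items():
        if qid not in inbound:
            continue
        for f in recips:
            dom = address_domain(f["to"])
            if dom is None or is_allowed(dom, allowed):
                continue
            findings.append({
                "qid": qid,
                "client": inbound[qid].get("relay"),
                "sender": inbound[qid].get("from"),
                "recipient": f["to"],
                "domain": dom,
                "next_hop": f.get("relay"),
                "stat": f.get("stat"),
            })
    return findings


if __name__ == "__main__":
    for hit in find_unexpected_relays(SAMPLE_LOG, RELAY_DOMAINS, LOCAL_DOMAINS):
        print("RELAYED %(qid)s from %(client)s (%(sender)s) to %(recipient)s "
              "via %(next_hop)s: %(stat)s" % hit)
```

Against the constructed log only the first message is reported: it came in from a customer workstation over SMTP and went out to other.example, which is in neither list. The delivery to news.customer-b.example passes because relay-domains entries cover subdomains, and the root@localhost submission passes because it never arrived over SMTP. On the real gateway, feed the maillog and `load_domain_file("/etc/mail/relay-domains")` in place of the samples; the correlation depends on the queue ids, so keep them when excerpting log lines.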