Friday, September 3

Disable or Enable open relay in sendmail

Friday, September 03, 2010     1 comment

How to Disable or Enable open relay in sendmail




Sendmail 8.9 and above will disallows relaying by default. By default this will allow relaying from localhost only.
You can edit the sendmail access database  ( /etc/mail/access) and enable or disable open relay.
Default Configuration:

#vim /etc/mail/access
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY


You can use host name or ip address in the access database
youordomain.com               RELAY
spam@buyme.com             550 Spammers not allowed
virus@virusdomain.com    DISCARD
10.10.10                              REJECT

To Reject Mail Form Particular Hoste
rejectserver.com                REJECT
10.10.2.2                             REJECT


Open Relay:
  Open Relay servers will be configured to relay all ip range
By adding the *.* entry in /etc/mail/access you can enable relay for all
*.*         RELAY
Also by adding your domain name in the /etc/mail/relay-domains you can enable relay form particular domain server.
Now a days most of the mail servers will not allow mails from open relay servers.


To Disable OPEN Relay:
 By allowing relay from only your local ip range and localhost, you can disable the open relay.
127.0.0.1               RELAY
192.168.1              RELAY
If your server is configured with smtp auth or POP-before-SMTP, then you can remove all the relay entries (Even local ip range) in the access database.
It is always better to configure your server with smtp auth or POP-before-SMTP . This will be useful for roaming users also.

Also check /etc/mail/relay-domains and remove all the relay domains


In some cases relaying is allowed even though it isn't intended. This is because of the use of FEATURE(relay_entire_domain) which allows relaying for every system in class m. If class m is wrong, then the system may open up relaying for other hosts in that domain. You have to verify this
echo '$=m' | sendmail -bt -d0.4
Sometimes class m is set wrong to be just a TLD (e.g., com). In this case, fix your hostname to be host.sld.tld instead of sld.tld or change $m, or remove FEATURE(relay_entire_domain) and use other means instead

Open Relay Testing Websites:

http://www.abuse.net/relay.html
http://www.mob.net/~ted/tools/relaytester.php3
http://www.checkor.com/

MX Tool
http://www.mxtoolbox.com/
smtp authentication vs. pop before smtp







FOLLOW US :-        
                Google+         Follow Me on Pinterest

1 comments :

  1. Authentication-Results: mx.google.com; spf=neutral (google.com: 203.131.116.125 is neither permitted nor denied by best guess record for domain of) smtp.mail=abc.1@r.com
    Received: from world ([10.10.X.X])how to hide from world IP address above brackets 10.10.x.x to the end users mail details. Pls help.Thanks.

    ReplyDelete

Subscribe to: Post Comments ( Atom )