[pedz]

I've had this trouble with my Mac server too. If an smtp server (Mac uses Postfix) is completely open, then it will forward mail from any site to any site. So joe@host1.com sends email to sally@host2.com but directs it through your site. I guess they do it so it is harder to track down who sent it.

With the Mac server, the administrator simply unchecks a button in the GUI interface and, poof, problem solved. Does anyone know how to do the same thing in sendmail.cf?

Specifically I want to allow any host to send mail to a local address and I want to allow any local person to send out to any address, but thats all. postfix calls it "proxy". You turn off proxy and the problem is solved. I don't see the word proxy anywhere in the sendmail.cf file.

This is on 5.2 gold.

[FASherman]

What you are discribing is called relaying. You want to be able to send mail internally and send out mail from internal users. but you don't want spammers to use your server to relay mail for them.

You likely want FEATURE(relay_entire_domain)enabled. These links should help:

• Allowing controlled SMTP relaying in Sendmail 8.9 and later
• Using check_* in sendmail 8.8

[s.fida]

pedz you have posted a good question as i treid to realize. I also wanted to upgrade my mail server to 5.3 but it is my first time to do this. So i need to import users from 4.3 and for better i need a good configuration for sendmail. In my case the problem is with the spams. I read it that milter with some other modules can solve this but the problem it was that the milter work on sendmail 8.12 and above and AIX sendmail is 8.11. Soon we boght a 5.3.04 which was compiled with milter but i still havent try it.
So please if anybody has an article how to upgrade or how to configure sendmail for better security it will be nice to post it here.

Thanks in advance.

[FASherman]

This should help with your spam concerns.

Sendmail cf/README - Anti-Spam Configuration Control

[marleyg]

We have an AIX system that we use for our main application. The application has the ability to e-mail copies of POs, Quotes, etc to customers and vendors. We have a separate mail server (EIMS) running on a Mac. Both the Mac and the AIX system are on the same (internal) subnet.
The address, userx@aquaflo.com, entered at the time the AIX program was set up, is the From address for the application. When we send a message to customer@sample.com with a copy to the local user salesperson@aquaflo.com the following response goes to userx:


From: Mail Delivery Subsystem <MAILER-DAEMON@aixserver.aquaflo.com>
Date: July 24, 2006 11:13:25 AM PDT
To: <userx@aquaflo.com>
Subject: Returned mail: see transcript for details

The original message was received at Mon, 24 Jul 2006 11:13:19 -0700
from aixserver [192.168.12.252]

----- The following addresses had permanent fatal errors -----
<salesperson@aquaflo.com>
(reason: 550 5.7.1 sender domain is not valid for userx@aquaflo.com)

----- Transcript of session follows -----
<customer@sample.com>... Deferred: Connection refused by mx4.sample.com.
... while talking to mail.aquaflo.com.:
MAIL From:<userx@aquaflo.com> SIZE=76274
<<< 550 5.7.1 sender domain is not valid for userx@aquaflo.com
554 5.0.0 <salesperson@aquaflo.com>... Service unavailable

Reporting-MTA: dns; aixserver.aquaflo.com
Received-From-MTA: DNS; aixserver
Arrival-Date: Mon, 24 Jul 2006 11:13:19 -0700

Final-Recipient: RFC822; salesperson@aquaflo.com
Action: failed
Status: 5.7.1
Diagnostic-Code: SMTP; 550 5.7.1 sender domain is not valid for userx@aquaflo.com
Last-Attempt-Date: Mon, 24 Jul 2006 11:13:25 -0700


From: userx@aquaflo.com
Date: July 24, 2006 11:00:00 AM PDT
To: customer@sample.com, salesperson@aquaflo.com
Subject: Important PDF Attachment from Aqua Flo

Does this mean that the message is going out directly, bypassing the EIMS mail server? Is the answert to relay through the EIMS server? How does one cause Sendmail to do that?

Marley Graham
Aqua-Flo Supply

[FASherman]

Yes, sendmail is trying to directly deliver mail to both accounts. What you need to do is define the other server as the mail hub. Sendmail will then forward all mail except local (on that server) mail to the hub for delivery.

[marleyg]

Sorry if this is obvious, but; How do I tell the AIX sendmail to use the Mac EIMS server as the hub? Is that a Sendmail thing, or a system thing?

Marley Graham

[FASherman]

Configure Sendmail with a smart host, which is where all non-local mail will be sent. To configure a smart host you need to include:

define(`SMART_HOST',`smtp.your.provider')

in the sendmail.mc you use to build sendmail.cf, replacing smtp.your.provider with the host name of the MTA that you want to send the mail to. Or, you can edit your sendmail.cf and set DS, like:

# "Smart" relay host (may be null)
DSsmtp.your.provider

To configure a mail hub you need to build a sendmail.cf using a sendmail.mc that contains:

divert(-1)
#
# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
# This the prototype for a "null client" -- that is, a client that
# does nothing except forward all mail to a mail hub. IT IS NOT
# USABLE AS IS!!!
#
# To use this, you MUST use the nullclient feature with the name of
# the mail hub as its argument. You MUST also define an `OSTYPE' to
# define the location of the queue directories and the like.
#

divert(0)dnl
VERSIONID(`$Id: clientproto.mc,v 8.16 2000/03/21 21:05:26 ca Exp $')

OSTYPE(unknown)
FEATURE(nullclient, smtp.your.provider)

editing the file to change "smtp.your.provider" and change "unknown" to "aix5". Then build a new sendmail.cf. In either case you'll need to restart sendmail for the change to take effect.

[s.fida]

log onto incoming mail server pop3 failed. I dont know why this happend. MS Outlook it find it but cant log on. How can i fix this. I tried with IMAP but the same. Is there any hint for this becuase i dont think the firewall can makes problem on the same IP range.

[s.fida]

problem solved with
refresh -s inetd

s.fida