Setting up sendmail on a firewall, Part 1

By Carole Fennelly, Unix Insider |  Networking


  • Advantage: Fine-tunes the permission for relaying by requiring
    a fully qualified host name rather than just the domain name.


  • Disadvantage: Requires you to specify in either the file
    /etc/mail/relay-domains or the access database the host name of the
    system you're permitting to relay. For example, if I use this, my
    /etc/mail/relay-domains file would have:


company.com
mailgate.company.com
othername.com
mailgate.othername.com

Mail blocking

Here are the basics of sendmail's antispam features.

accept_unresolvable_domains

By default, if the sender's domain cannot be resolved in DNS, the
mail is rejected. For example:


MAIL FROM: <wkeys@nonexistent> 501 <wkeys@nonexistent>... Sender
domain must exist

Using accept_unresolvable_domains overrides this and accepts mail from any domain
or IP address.


  • Advantage: You may have to accept mail from IP addresses if the
    senders don't have their headers rewritten to come from a
    registered domain.


  • Disadvantage: You can be spammed from anywhere. You may be better off
    listing known sites with this problem in the access database.

access_db

To use the access database feature, your system must support at
least one map type such as NDBM (standard on most commercial systems
such as Solaris) or the Berkeley database (Berkeley DB) 2.X. If you want to use
Berkeley DB, you can obtain it from Sleepycat Software. If you install the
Berkeley version, make sure you build sendmail with the NEWDB flag (and include
the Berkeley DB libraries and include files).

The access_db feature causes sendmail to look in a database map
file (by default /etc/mail/access.db) and decide whether to accept
or reject mail from a particular user or site. You can even send
a custom error message. This feature can also be used to
control relaying permissions.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

NetworkingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question