Adding some hints here to secure your mailserver. The list will grow in time.
$ vi /etc/mail/access
# Description showing bellow for the format of this file comes from # the Sendmail source distribution under “cf/README” file. # # The table itself uses e-mail addresses, domain names, and network # numbers as keys. For example, # # spammer@aol.com REJECT # cyberspammer.com REJECT # 192.168.212 REJECT # # would refuse mail from spammer@aol.com, any user from cyberspammer.com # (or any host within the cyberspammer.com domain), and any host on the # 192.168.212.* network. # # The value part of the map can contain: # # OK Accept mail even if other rules in the # running ruleset would reject it, for example, # if the domain name is unresolvable. # RELAY Accept mail addressed to the indicated domain or # received from the indicated domain for relaying # through your SMTP server. RELAY also serves as # an implicit OK for the other checks. # REJECT Reject the sender or recipient with a general # purpose message. # DISCARD Discard the message completely using the # $#discard mailer. This only works for sender # addresses (i.e., it indicates that you should # discard anything received from the indicated # domain). # ### any text where ### is an RFC 821 compliant error code # and “any text” is a message to return for # the command. # # For example: # # cyberspammer.com 550 We don’t accept mail from spammers # okay.cyberspammer.com OK # sendmail.org OK # 128.32 RELAY # # would accept mail from okay.cyberspammer.com, but would reject mail # from all other hosts at cyberspammer.com with the indicated message. # It would allow accept mail from any hosts in the sendmail.org domain, # and allow relaying for the 128.32.*.* network. # # You can also use the access database to block sender addresses based on # the username portion of the address. For example: # # FREE.STEALTH.MAILER@ 550 Spam not accepted # # Note that you must include the @ after the username to signify that # this database entry is for checking only the username portion of the # sender address. # # If you use like we do in our “sendmail.mc macro configuration: # # FEATURE(`blacklist_recipients’) # # then you can add entries to the map for local users, hosts in your # domains, or addresses in your domain which should not receive mail: # # badlocaluser 550 Mailbox disabled for this username # host.mydomain.com 550 That host does not accept mail # user@otherhost.mydomain.com 550 Mailbox disabled for this recipient # # This would prevent a recipient of badlocaluser@mydomain.com, any # user at host.mydomain.com, and the single address # user@otherhost.mydomain.com from receiving mail. Enabling this # feature will keep you from sending mails to all addresses that # have an error message or REJECT as value part in the access map. # Taking the example from above: # # spammer@aol.com REJECT # cyberspammer.com REJECT # # Mail can’t be sent to spammer@aol.com or anyone at cyberspammer.com. # # Now our configuration of access file, # by default we allow relaying from localhost… localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY 192.168.1 RELAY |
$ service sendmail reload
Leave a Reply