Sendmail security

Sendmail security

Sendmail security 150 150 Roderick Derks

Adding some hints here to secure your mailserver. The list will grow in time. 

$ vi /etc/mail/access

# Description showing bellow for the format of this file comes from
# the Sendmail source distribution under “cf/README” file.
#
# The table itself uses e-mail addresses, domain names, and network
# numbers as keys. For example,
#
#        spammer@aol.com                REJECT
#        cyberspammer.com               REJECT
#        192.168.212                            REJECT
#
# would refuse mail from spammer@aol.com, any user from cyberspammer.com
# (or any host within the cyberspammer.com domain), and any host on the
# 192.168.212.* network.
#
# The value part of the map can contain:
#
#        OK           Accept mail even if other rules in the
#                        running ruleset would reject it, for example,
#                        if the domain name is unresolvable.
#        RELAY   Accept mail addressed to the indicated domain or
#                        received from the indicated domain for relaying
#                        through your SMTP server.  RELAY also serves as
#                        an implicit OK for the other checks.
#        REJECT  Reject the sender or recipient with a general
#                        purpose message.
#        DISCARD    Discard the message completely using the
#                        $#discard mailer.  This only works for sender
#                        addresses (i.e., it indicates that you should
#                        discard anything received from the indicated
#                        domain).
#        ### any text    where ### is an RFC 821 compliant error code
#                        and “any text” is a message to return for
#                        the command.
#
# For example:
#
#        cyberspammer.com        550 We don’t accept mail from spammers
#        okay.cyberspammer.com          OK
#        sendmail.org                           OK
#        128.32                                 RELAY
#
# would accept mail from okay.cyberspammer.com, but would reject mail
# from all other hosts at cyberspammer.com with the indicated message.
# It would allow accept mail from any hosts in the sendmail.org domain,
# and allow relaying for the 128.32.*.* network.
#
# You can also use the access database to block sender addresses based on
# the username portion of the address. For example:
#
#        FREE.STEALTH.MAILER@    550 Spam not accepted
#
# Note that you must include the @ after the username to signify that
# this database entry is for checking only the username portion of the
# sender address.
#
# If you use like we do in our “sendmail.mc macro configuration:
#
#        FEATURE(`blacklist_recipients’)
#
# then you can add entries to the map for local users, hosts in your
# domains, or addresses in your domain which should not receive mail:
#
#        badlocaluser            550 Mailbox disabled for this username
#        host.mydomain.com       550 That host does not accept mail
#        user@otherhost.mydomain.com     550 Mailbox disabled for this recipient
#
# This would prevent a recipient of badlocaluser@mydomain.com, any
# user at host.mydomain.com, and the single address
# user@otherhost.mydomain.com from receiving mail. Enabling this
# feature will keep you from sending mails to all addresses that
# have an error message or REJECT as value part in the access map.
# Taking the example from above:
#
#        spammer@aol.com                REJECT
#        cyberspammer.com               REJECT
#
# Mail can’t be sent to spammer@aol.com or anyone at cyberspammer.com.
#
# Now our configuration of access file,
# by default we allow relaying from localhost…
localhost.localdomain           RELAY
localhost                               RELAY
127.0.0.1                               RELAY
192.168.1                               RELAY

$ service sendmail reload 

Roderick Derks

Liefhebber van fietsen, van het oplossen van IT puzzels, en van het delen van informatie om anderen te helpen.

All stories by:Roderick Derks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Your Name (required)

    Your Email (required)

    Subject

    Your Message

      Your Name (required)

      Your Email (required)

      Subject

      Your Message