Locked down sendmail still relays
July 22, 2007 - Gyuri van de Bilt
A small setting can have a major impact…
Although I don’t configure servers as a daily routine, I do know which issues to attend to when dealing with a mail server configuration. The single most important thing (besides getting it to work) is to make sure it only relays messages from known sources.
Weird behaviour
After properly configuring my new Debian mail server (with SMTP-AUTH), I nevertheless experienced some weird behaviour.
After some time it became apparent that the mail server was no longer processing all mail directly… The queue was stuffed with spam! I immediately checked whether the server was an open relay, which was not the case.
In my opinion this meant the spam had to be sent using a bug or hack in the system. After checking for known vulnerabilities, I tried whether I could get the mail server to relay as well. After some testing it turned out to be very willing to relay, but ONLY when sending mail to a .com email address. For any other top-level domain it refused to relay. Sendmail was thus relaying spam as long as it was sent to a .com address!
The solution
Trying everything, I disallowed relaying (in /etc/mail/access) even for localhost connections, making sure that no one (except authenticated users) could relay. This ’solved’ the problem, but of course it was too tight… even mail sent to local users was now rejected:
sendmail[..]: [..] <user@mailserver.com>… User unknown
Finally the problem was solved by changing the hostname of the server (from domain.com to mail.domain.com).
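The open-relay check described above gave a clean result because a single test recipient was used and the server only relayed to .com addresses. The following relay probe is an added example, not code from the original post: it issues one RCPT TO per top-level domain, never reaches DATA (so nothing is relayed even when the server says yes), and reports "closed", "open" or "partial". The recipient list and the verdict names are my own choices; the probe works against any server reachable on port 25. One explanation consistent with the symptoms, and not stated in the post, is sendmail's $m macro: it holds the domain part of the hostname, which for a hostname of domain.com is just "com", and FEATURE(`relay_entire_domain') allows relaying to every host in that domain; a hostname of mail.domain.com makes $m domain.com again. Treat that as an assumption to verify in your own sendmail.mc.

```python
"""Relay probe: ask a mail server whether it would accept mail for several
recipient domains, without ever sending a message.

Added example, not from the original post. Only MAIL FROM and RCPT TO are
issued; the envelope is reset and the session closed before DATA, so nothing
is queued or relayed even if the server accepts every recipient.
"""
import smtplib
from collections import OrderedDict

# Constructed probe list (assumption: none of these is local to the server under
# test). A correctly configured server should refuse all of them with a 5xx
# reply, typically 550 "Relaying denied".
PROBE_RECIPIENTS = [
    "relaytest@example.com",
    "relaytest@example.net",
    "relaytest@example.org",
    "relaytest@example.nl",
]


def tld(address):
    """Return the top-level domain of an e-mail address, lower-cased."""
    return address.rsplit("@", 1)[1].rsplit(".", 1)[-1].lower()


def probe_relay(smtp, mail_from, recipients):
    """Issue MAIL FROM once and RCPT TO for each recipient on an open SMTP
    session (smtplib.SMTP, or any object with the same mail/rcpt/rset
    methods). Returns an ordered mapping recipient -> (code, message)."""
    code, msg = smtp.mail(mail_from)
    if code != 250:
        raise RuntimeError("MAIL FROM rejected: %d %r" % (code, msg))
    results = OrderedDict()
    for rcpt in recipients:
        results[rcpt] = smtp.rcpt(rcpt)
    smtp.rset()  # abandon the envelope: no DATA, nothing is queued
    return results


def accepted_tlds(results):
    """Top-level domains for which the server accepted the recipient (2xx)."""
    return sorted({tld(r) for r, (code, _) in results.items() if 200 <= code < 300})


def classify(results):
    """'closed' if every RCPT was refused, 'open' if every probed TLD was
    accepted, otherwise 'partial' (the .com-only behaviour from the post)."""
    accepted = accepted_tlds(results)
    if not accepted:
        return "closed"
    if len(accepted) == len({tld(r) for r in results}):
        return "open"
    return "partial"


def probe_host(host, mail_from="relaytest@example.invalid", port=25, timeout=30):
    """Connect to host, run the probe and return (verdict, results)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        results = probe_relay(smtp, mail_from, PROBE_RECIPIENTS)
    return classify(results), results


def _text(msg):
    """smtplib returns reply text as bytes; fakes may return str."""
    return msg.decode("ascii", errors="replace") if isinstance(msg, bytes) else msg


if __name__ == "__main__":
    import sys
    verdict, results = probe_host(sys.argv[1])
    for rcpt, (code, msg) in results.items():
        print("%s: %d %s" % (rcpt, code, _text(msg)))
    print("verdict:", verdict, "accepted TLDs:", accepted_tlds(results))
```

Run it as `python relay_probe.py mail.domain.com` from a host that is not in the server's access map, or the RELAY entry for your own network will mask the result. A "partial" verdict with accepted TLDs `['com']` is exactly the symptom from the post; after the hostname change every probe recipient should come back 550.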
Bad configuration or bug?
OK, experienced mail server experts (if they use Sendmail at all…) might set the hostname (and maybe some additional settings) properly from the beginning… but…
A correctly configured Sendmail that secretly relays… can only be a bug in the Sendmail application!