From: Terry Lambert
Message-Id: <199806090123.SAA23641@usr07.primenet.com>
Subject: Re: (NOT) relaying mail with current
To: mauri@krabi.mbp.ee (Lauri Laupmaa)
Date: Tue, 9 Jun 1998 01:23:26 +0000 (GMT)
Cc: current@FreeBSD.ORG
In-Reply-To: from "Lauri Laupmaa" at Jun 8, 98 08:47:36 pm

> Is -current relaying mail by default ? What are the simple steps to take
> to stop relaying (apart from reading sendmail book) ?

You could compile sendmail 8.9 for your machine. This will turn off relaying by default. I believe it is a port.

I prefer www.obtuse.com's "smtpd/smtpfwdd" from Obtuse Systems, Inc.'s "free code" area. You can turn on RBL, etc., from it.

You run smtpd in place of the sendmail in daemon mode. It runs in a chroot jail, and protects against sendmail exploits, as well.

To turn off relaying, you define an smtpd.rules file (that lives in /etc in the chroot jail).

If you are using a FreeBSD box as a router/firewall (i.e.: it has your network on one side, and the Internet on the other), the simplest way to accomplish this is to install my patches to ifconfig to allow the designation of the internal network as "trusted":

	http://www.freebsd.org/~terry/

This is exactly the model supported by the Juniper firewall code itself, so (obviously) it works well with their "smtpd" program.

Then you edit their "address_check.c" and replace their:

	connection_trusted()

function to getsockopt() on the socket to see if packets sent on it would go to a "trusted" interface or not. If they will, the machine's inside, and the relay is allowed.

The rules file for no external relay is:

	allow:TRUSTED:ALL:ALL
	noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T

...the only catch is you need to replace the "#if defined(JUNIPER_SUPPORT)" with "#if defined(CHECK_ADDRESS)", and define it separately for FreeBSD; this makes it so it's a recompile if you later buy Juniper (or replace your Juniper box with a FreeBSD box).

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
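
The relay decision those two rules describe, as an added Python sketch that is not part of the original post and is not Obtuse's smtpd code. Assumptions: rules are read top to bottom and the first match decides, the fields are action:source:from:to[:reply], %H/%I/%F/%T stand for client host, client IP, sender and recipient, TRUSTED is modelled as a constructed address range rather than the interface check the post describes, and a connection matching no rule is refused.

```python
import ipaddress
import re

# Constructed sample: the "inside" network. Assumption: trust is modelled as an
# address range here; the post derives it from the receiving interface instead.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# The two rules from the post, each on one line.
RULES = (
    "allow:TRUSTED:ALL:ALL\n"
    "noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. "
    "Please use another SMTP host to mail from %F to %T\n"
)

def parse_rules(text):
    """Split each rule into (action, source, sender, recipient, reply)."""
    rules = []
    for line in text.splitlines():
        if line.strip():
            action, src, frm, to, *reply = line.strip().split(":", 4)
            rules.append((action, src, frm, to, reply[0] if reply else None))
    return rules

def source_matches(pattern, ip):
    if pattern == "TRUSTED":
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
    return pattern in ("ALL", ip)

def expand(reply, host, ip, sender, rcpt):
    """Single-pass macro expansion, so a sender like '%T@x' is not re-expanded."""
    values = {"%H": host, "%I": ip, "%F": sender, "%T": rcpt}
    return re.sub(r"%[HIFT]", lambda m: values[m.group(0)], reply)

def check_rcpt(rules, host, ip, sender, rcpt):
    """Return (accepted, reply) for one RCPT; the first matching rule decides."""
    for action, src, frm, to, reply in rules:
        if (source_matches(src, ip) and frm in ("ALL", sender)
                and to in ("ALL", rcpt)):
            if action == "allow":
                return True, None
            return False, expand(reply or "550 Relaying denied", host, ip, sender, rcpt)
    return False, "550 Relaying denied"  # assumption: nothing matched, refuse
```

Swapping the order of the two rules would refuse inside clients as well, since the catch-all noto line would then match first.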