On 21.04.2014 19:11, Dan Thurman wrote:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
Drop 1 below:
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
Add 2 below:
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
So far, the spamming stopped...
Your changes are random and do not explain why spammers were/are able to
misuse your Sendmail.
This is what I am trying to understand. I was adding spammers to the access
database, only to discover that the access database was either ignored or
the access database record added was bogus to begin with.
In one of your postings you have shown your sendmail.mc. From that we see
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
The "-o" parameter isn't really recommended as Sendmail will not
complain if the access_db file is missing or problematic.
Details about the proper use of the access_db can be read within cf/README
http://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html
Sendmail offers methods to debug the use of map files like the access_db
in "sendmail -bt" mode and even by using various debug parameters. See i.e.
http://www.sendmail.org/~ca/email/chk-dbg.html
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
and
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
are equal. There is no functional difference. And offering the
additional daemon on the submission port and enforcing authentication
for that service just adds a function and does not fix anything
previously configured.
In fact using submission on port 587 with STARTTLS is the right thing
How can I do this?
By dropping the use of SMTPS. All modern MUAs support STARTTLS these
days and STARTTLS has obsoleted SMTP over SSL (SMTPS).
instead of the obsoleted SMTPS on port 465.
Alexander
Ok, so what DAEMONs do I need? So far you said:
? DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
If you want to receive mail from other MTAs, then you need at least a
listening daemon on port 25. The shortest syntax for that is the line
above, making Sendmail listen on all available interfaces.
Obsolete: DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
above identical with below
Obsolete: DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Yes, drop daemons listening on port 465 / smtps and use a submission
service on port 587 instead.
No value: DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
That defines a Sendmail daemon on port 587 (`getent services
submission'), gives it the internal name MSA and by the mailer modifier
"a" it dictates that submitting clients must authenticate before being
able to relay. That's important and a mandatory setting for a public
bound submission service.
Thanks!
Alexander
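
The points raised in this thread (the optional `-o` access map, the SMTPS listeners, and the `a` modifier on the submission port) can be checked mechanically. This is an added example, not part of the original messages: `audit_mc`, `parse_options` and the finding codes are hypothetical names, and the sample sendmail.mc is constructed from lines quoted above.

```python
import re

# Constructed sample sendmail.mc, assembled from lines quoted in the thread.
SAMPLE_MC = """\
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL M=s')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")
ACCESS_RE = re.compile(r"FEATURE\(`access_db',\s*`([^']*)'\)")

def parse_options(body):
    """Turn 'Key=Val, Key=Val' into a dict (splits on commas or whitespace)."""
    return {k.lower(): v for k, v in re.findall(r"(\w+)=([^,\s]+)", body)}

def audit_mc(text):
    """Return (line_number, finding_code) pairs; the codes are hypothetical labels."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("dnl"):  # m4 comment, the directive is disabled
            continue
        access = ACCESS_RE.search(line)
        if access and "-o" in access.group(1).split():
            # -o marks the map optional: a missing map is not reported
            findings.append((number, "optional-access-map"))
        daemon = DAEMON_RE.search(line)
        if not daemon:
            continue
        opts = parse_options(daemon.group(1))
        port = opts.get("port", "smtp")
        modifiers = opts.get("m", opts.get("modifiers", ""))
        if port in ("465", "smtps"):
            findings.append((number, "smtps-listener"))
        elif port in ("587", "submission") and "a" not in modifiers:
            # lowercase "a" is the modifier that requires authentication
            findings.append((number, "submission-no-auth"))
    return findings

if __name__ == "__main__":
    for number, code in audit_mc(SAMPLE_MC):
        print(f"line {number}: {code}")
```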