On Thu, 2006-09-21 at 05:38 +0100, abhishek singh wrote: > i have never opened telnet ok , my xinetd service is > off so there is no telnet service , i m doing telnet > to outside to 25 port on my mail server and there is > proper smtp authentication enabled on server , the > problem is anyuser (non-existing) with my domain can > send mail to my real domain users. > below is example........ > > ##EXAMPLE 1> > > telnet 192.168.1.4 25 > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > mail.domain.com > ehlo domain.com > 250-mail.domain.com Hello [192.168.1.5], pleased to > meet you > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE > 250-DSN > 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN > 250-STARTTLS > 250-DELIVERBY > 250 HELP > MAIL FROM:<axy@xxxxxxxxxx> > 250 2.1.0 <axy@xxxxxxxxxx>... Sender ok > RCPT TO:<abhi@xxxxxxxxxx> > 250 2.1.5 <abhi@xxxxxxxxxx>... Recipient ok > DATA > 354 Enter mail, end with "." on a line by itself > this is bad > . > 250 2.0.0 k8L4I0FL004621 Message accepted for delivery > quit > 221 2.0.0 mail.domain.com closing connection > #################################################### > EXAMPLE-2 > > telnet 192.168.1.4 25 > > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > mail.domain.com > ehlo domain.com > 250-mail.domain.com Hello [192.168.1.5], pleased to > meet you > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE > 250-DSN > 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN > 250-STARTTLS > 250-DELIVERBY > 250 HELP > MAIL FROM:<alex@xxxxxxx> > 250 2.1.0 <alex@xxxxxxx>... Sender ok > RCPT TO:<abhi@xxxxxxxxxx> > 250 2.1.5 <abhi@xxxxxxxxxx>... Recipient ok > DATA > 354 Enter mail, end with "." on a line by itself > hjsdhkjhdfkjhsdkf > sfdkdkfjdkg > . > 250 2.0.0 k8L4LUMY004822 Message accepted for delivery > quit > 221 2.0.0 mail.domain.com closing connection > > > Connection to host lost. > > > In above example u can see in the 1st example the > sender(xyz) is not real user of my domain , still he > is able to sendmail to my real users (abhi). ---- probably not good questions for the list but better you to read up on what you want to do. The above is normal behavior for an smtp server that is accepting mail for local users - how else would anyone else send e-mail to users on your domain if it didn't work this way? ---- > > In second scenario sender is able to send mail by > forging domain name by any domain to my domain users. ---- yeah by RFC, you shouldn't need to be sending from a valid host and you can offer a return e-mail address that is totally faked ---- > > i have replaced my real domain name with domain.com > and i have to do same thing from out side network , in > my /etc/mail/access file only 127.0.0.1 is allowed . ---- if that is the case, it isn't working - perhaps you want to show us your real sendmail.mc file or read up on using sendmail. ---- > > when i am trying to send mail to another domain then > relaying is denied means my mail server is not open > relay. ---- nothing I saw above would indicate that but you can have other systems test your system for being an open relay...try www.ordb.org ---- > > plz help me. ---- You need to read up on sendmail, MTA usage in general. This list can help with configuration details but you need to get a better understanding which would only come from in depth reading of things like the Sendmail 'Bat' book. Craig _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos