Can't relaying be stopped without using SMTP AUTH?
Yes, it can. SMTP AUTH exists so that you can relay mail through that server to someone else, but so that spammers can't abuse your box. So if no one needs to use that machine as a relay from the outside (say, you with a notebook computer somewhere else), then SMTP AUTH is not needed, and relaying should be shut down.
Do I have the wrong idea when I say SMTP AUTH will require that any sender to an email address in your domain has to have some kind of name and password to send mail?
Yes, you definitely have the wrong idea. If that were true, then everybody would need to have an account on your server in order to send you mail, and that's obviously not how it works. Some scenarios:
1. The Apache service, or any local user, on the box wants to send mail: it connects to localhost (127.0.0.1) port 25 (on which sendmail listens by default) and sends its mail. Mail is originating from the same box, so no relaying is taking place and any request to send mail anywhere will be accepted.
If you comment out the DAEMON_OPTIONS line in sendmail.mc that limits sendmail to only listening on 127.0.0.1, then sendmail will listen on /all/ interfaces. Alternately, you can add an additional DAEMON_OPTIONS line in sendmail.mc that contains the IP address of another interface, and sendmail will listen on those two interfaces. Now:
2. If anyone on Earth wants to send mail TO A USER ON THIS SERVER, then sendmail will accept any message from anywhere and perform local delivery via procmail.
3. If someone OUTSIDE the server wants this server to take a message and deliver it to another user, also OUTSIDE the server, then as far as sendmail is concerned the message originated from an outsider, passed through this server, and is supposed to be delivered to another outsider. This is relaying. And if you want sendmail to relay, then you should definitely configure SMTP AUTH and leave /etc/mail/access pretty much locked down. (Unless you only want a few specific IP addresses on Earth to be able to relay, but that's not often the case.)
Let me clarify a little and maybe that will curb some confusion. This server is going to be meant mainly as a web server serving two sites. The only mail that will really be done by this will be outgoing (i.e. "Your order has shipped jackass!").
So you only want scenarios #1 and #2, but not #3, right? Then you don't need to relay, and you don't need SMTP AUTH. But then most likely you broke something, since those two scenarios require only a single line to be modified in sendmail.mc before regenerating sendmail.cf. You may want to try getting a "clean" copy of the sendmail.mc and starting over (you /DID/ make a backup of the original unmodified file... right??).
I'm not sure that you /want/ to delete 52 packages and start over, but if that's the easiest way for you then go for it. I would first try to fix my sendmail.mc and .cf though; you can use the sendmail.mc file on my HOWTO as a reference for one that does work.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
