Does anyone have any suggestions for tweaking security when relaying? ie. /etc/hosts.allow or deny?
Definitely use SMTP AUTH. Edit your /etc/mail/sendmail.mc and uncomment the following three lines so they look like this:
define(`confAUTH_OPTIONS', `A')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
By "uncomment", I mean make sure that each line ENDS with a "dnl" but DOES NOT BEGIN with one.
After you have done this, recreate your /etc/sendmail.cf file by running the command:
# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Finally, just restart sendmail:
# service sendmail restart
You will now need to make sure that clients who send mail through your server have checked the little box for "My mail server requires authentication" in their mail account properties. All clients who wish to relay must now send the username and password, so you are not an open relay. I do this for 80 sites and about 1,300 people, and it works like a charm.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
