On Friday 31 January 2003 01:48, Tomasz Popik wrote:
> I will continue the discussion about spamming.
>
> That is easy, sendmail listens for incoming connections on port 25. How
> can I find out whether a connection is made from another host/sendmail,
> or from a mail client? Connections to my mail server are redirected
> through the firewall, and this gives one fault. Sendmail does not know
> the real IP address; for sendmail all connections come from 192.168.0.2.
> That's all. So I can't recompile sendmail and add the POP-before-SMTP
> feature, because this method is simply based on IP logging. So this is
> completely rubbish, because all connections are from one IP. So does
> anyone know how to check whether a connection is for transporting mail
> between sendmails or not? And next, how to block connections from mail
> clients, or how to authorize them? So far, I have helped myself and
> removed the 192.168.0.2 RELAY record from /etc/mail/access, and that
> helped me to stop the spamming and being an open relay. But this shut
> down the ability of remote clients, who are allowed, to check their
> mail. How to do it?
>
> I have watched /var/log/maillog for a long time and there is a
> difference between connections. So I have proof that sendmail is able to
> examine from whom a connection is made.
>
> Thanks.
>

Unless you configure things so that the box running sendmail sees the client's address, you're going to have difficulties.

The way I think you want it to run is that any connection from your local subnet 192.168.0.0 is allowed to relay but any connection from outside isn't. Further to that, all connections come via your firewall and have a source address of 192.168.0.2 (the firewall). Is that correct?

You really need to configure your firewall so that it doesn't rewrite the source address of external connections. That will solve your problem.

If you can't do that, try running a mail relay on your firewall. This box will be able to see the client address and can choose to relay based on that, i.e. if it's from the local LAN, allow relays. If it's external, only allow relaying if the destination is your mail server (or an alias for it).

This way, connections from the internal LAN don't even need to be sent to the mail server. The mail relay on your firewall can handle where to send the mail and you'll reduce the load on the mail server, and most probably on the firewall too.

Hope that helps a bit.

Paul.
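
An added example, not part of either message and not sendmail's own code: a small Python model of the relay decision discussed in this thread, showing what an address-based relay check concludes when the firewall rewrites the source address and when it does not. The domain names, the sample client addresses and the /24 prefix length are assumptions made for the illustration.

```python
import ipaddress

# Constructed values: example.org stands in for the domain the mail server hosts.
LOCAL_DOMAINS = {"example.org"}
FIREWALL_IP = "192.168.0.2"   # address the thread says sendmail sees for every connection
LAN = "192.168.0.0/24"        # assumed prefix length for the 192.168.0.0 subnet


def seen_address(real_ip, firewall_rewrites_source):
    """Address the mail server observes for a client."""
    return FIREWALL_IP if firewall_rewrites_source else real_ip


def relay_decision(seen_ip, rcpt_domain, relay_nets):
    """Return 'deliver', 'relay' or 'reject' for one recipient domain."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "deliver"      # mail for our own domain is accepted from anyone
    addr = ipaddress.ip_address(seen_ip)
    if any(addr in ipaddress.ip_network(net) for net in relay_nets):
        return "relay"        # trusted source, forwarded to any destination
    return "reject"           # untrusted source asking for a foreign destination


def evaluate(real_ip, rcpt_domain, relay_nets, firewall_rewrites_source):
    """Decision for a client, judged on the address the mail server sees."""
    seen = seen_address(real_ip, firewall_rewrites_source)
    return relay_decision(seen, rcpt_domain, relay_nets)


if __name__ == "__main__":
    clients = (("external", "203.0.113.50"), ("LAN", "192.168.0.17"))  # constructed
    cases = [
        ("source rewritten, firewall IP trusted", [FIREWALL_IP + "/32"], True),
        ("source rewritten, RELAY entry removed", [], True),
        ("source preserved, LAN trusted", [LAN], False),
    ]
    for label, nets, rewritten in cases:
        print(label)
        for who, ip in clients:
            for domain in ("example.org", "elsewhere.test"):
                verdict = evaluate(ip, domain, nets, rewritten)
                print(f"  {who:8} -> {domain:15} {verdict}")
```

The first case is the open relay, the second is the state after the RELAY record was removed (legitimate senders are refused too), and the third is the behaviour Paul describes once the real client address is visible.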