1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • How to block relaying to own domains without authentication?

    From Hans Mayer@21:1/5 to All on Mon Mar 29 09:35:36 2021
    If inbound and outbound are separate, you might be able to get away with "from:my.domain REJECT" on the inbound.

    yes, inbound and outbound are separate

    Can I block the entire domain like "From: my.domain REJECT" ?
    Yes, I believe so.

    I made an entry in access DB like this

    From:my.domain ERROR:5.7.1:550 Unacceptable sender domain

    This works perfect.
    What I want to achieve is that some ip ranges should be excluded from this rule.
    I tried several entries but non of them worked.

    Connect:192.168.1 OK
    Connect:192.168.1 RELAY
    192.168.1 RELAY
    From:[192.168.1] OK
    From:192.168.1 OK
    To:my.domain RELAY
    To:my.domain OK

    Is this issue solvable ? If yes, how ?

    // Hans

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Hans Mayer on Mon Mar 29 17:37:07 2021
    Hans Mayer wrote:

    From:my.domain ERROR:5.7.1:550 Unacceptable sender domain

    What I want to achieve is that some ip ranges should be excluded from this rule.

    You'll have to write some rules: Local_check_mail.
    Check whether $&{client_addr} is in "some ip ranges"
    and return #$ OK if so.
    See cf/README.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Hans Mayer@21:1/5 to All on Tue Mar 30 02:01:53 2021
    Dear Claus,

    many thanks for your swift answer. I never wrote own rules, it was always possible to solve it with the standard rule set. I will dig into this new area for me.

    // Hans

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Hans Mayer on Wed Mar 31 04:31:50 2021
    Hans Mayer wrote:

    I got the request from management to block e-mails with fake sender address with the
    own address. Therefore I have 2 questions:

    Which "fake sender address" does "management" want to block? The
    envelope MAIL (which "normal" people will never see) or the header From:/Sender:? The default rules in sendmail only deal with envelope information.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Hans Mayer@21:1/5 to All on Sat Apr 3 11:39:44 2021
    Dear Claus,

    It's the envelope. The header address we can handle with spamassassin and a self written rule.

    // Hans

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)