Summary: Sun sendmail ignores relay-domains?

From: Jacob Ritorto <jacob.ritorto_at_gmail.com>
Date: Fri Jun 20 2008 - 14:50:17 EDT
Yes and no.

Crist Clark was kind enough to point out that there are some entries
in /etc/mail/cf/domain/solaris-generic.m4 that clobber the settings
one puts in /var/mail/cf/cf/local.mc.  My problem was that the line

FEATURE(`relay_entire_domain')dnl,

which was included in the solaris-generic.m4 file, had more influence than the

FEATURE(relay_hosts_only)dnl

that I typed into my sendmail.mc file.  So all hosts were still able send out.

To fix this, I noted that the solaris-generic file was referenced in
sendmail.mc, so I edited it and changed solaris-generic to
solaris-antispam, ran make, copied the cf file over and restarted
sendmail.  The unwanted permissive behaviour ceased and now only hosts
listed in relay-domains were allowed to send out.  Success!

Everyone else who replied recommended that I remove sendmail
completely and deploy a less queer mail program.

Thanks to all who replied, especially Crist for getting my eyes moving
in the right direction.  This is arguably a Solaris-specific sendmail
peculiarity.

jake


On Wed, Jun 18, 2008 at 3:34 PM, Jacob Ritorto <jacob.ritorto@gmail.com> wrote:
> Hi all,
>        My mailserver (which has correct MX records and a working NAT
> to the internet) was letting out virus mail from our PCs to the
> internet.  It's the stock Sun sendmail config that ships with Solaris
> 10 u4, which allows anything inside to send out.  So I wanted to crack
> down a bit and allow mail to originate from only a few known good
> hosts.
>
> I went into the /etc/mail/cf/cf directory and added the
> FEATURE(relay_hosts_only) line to sendmail.mc.
>
> Then I ran make and copied the resulting sendmail.cf file to /etc/mail.
>
> Then I went to /etc/mail and made a file called relay-domains
> containing my handful of good sender hostnames.
>
> Then I svcadm restarted sendmail.
>
> Nothing changed -- I'm still able to send mail out from any host on
> the internal subnets via this mailserver (verified this manually using
> mconnect).  Would someone point out my mistake, please?
>
> thx
> jake
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Jun 20 14:51:57 2008

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:11 EST