Disable or Enable open relay in Sendmail

   1 Comment on Disable or Enable open relay in Sendmail

How to Disable or Enable open relay in sendmail SMTP

Sendmail Open relay

Open relay is disabled by default in Sendmail 8.9 and above.
It will only allow relaying from localhost.
You can edit the sendmail access database  ( /etc/mail/access) and enable or disable open relay.

Default Configuration:

#vim /etc/mail/access

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY


You can use host name or ip address in the access database
youordomain.com               RELAY
10.5.10.5                                   RELAY
spam@buyme.com             550 Spammers not allowed
virus@virusdomain.com    DISCARD


To Reject Mail Form Particular Host/IP

rejectserver.com                REJECT
10.10.2.2                                REJECT

Open Relay:

Open Relay servers will be configured to relay all ip range
By adding the *.* entry in /etc/mail/access you can enable relay for all

*.*         RELAY

Also by adding your domain name in the /etc/mail/relay-domains you can enable relay form particular domain server.
Now a days most of the mail servers will not allow mails from open relay servers.

How to Disable Sendmail OPEN Relay

By allowing relay from only your local ip range and localhost, you can disable the open relay.
127.0.0.1               RELAY
192.168.1              RELAY
If your server is configured with smtp auth or POP-before-SMTP, then you can remove all the relay entries (Even local ip range) in the access database.
It is always better to configure your server with smtp auth or POP-before-SMTP . This will be useful for roaming users also.

Also check /etc/mail/relay-domains and remove all the relay domains

In some cases relaying is allowed even though it isn’t intended. This is because of the use of FEATURE(relay_entire_domain) which allows relaying for every system in class m. If class m is wrong, then the system may open up relaying for other hosts in that domain. You have to verify this
echo ‘$=m’ | sendmail -bt -d0.4
Sometimes class m is set wrong to be just a TLD (e.g., com). In this case, fix your hostname to be host.sld.tld instead of sld.tld or change $m, or remove FEATURE(relay_entire_domain) and use other means instead

Open Relay Testing Websites:

http://www.abuse.net/relay.html
http://www.mob.net/~ted/tools/relaytester.php3
http://www.checkor.com/

MX Tool
http://www.mxtoolbox.com/
smtp authentication vs. pop before smtp

 

1 thought on “Disable or Enable open relay in Sendmail

  1. Anonymous

    Authentication-Results: mx.google.com; spf=neutral (google.com: 203.131.116.125 is neither permitted nor denied by best guess record for domain of) smtp.mail=abc.1@r.com
    Received: from world ([10.10.X.X])how to hide from world IP address above brackets 10.10.x.x to the end users mail details. Pls help.Thanks.

    Reply

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *