  1. #1
    Just Joined!
    Join Date
    Sep 2006
    Posts
    22

    Forged "from" addresses in maillog


    Hi, we're running FC5 with sendmail 8.13. I notice a ton of email leaving the server with unknown "from" addresses. Shouldn't mail from our local domain only be allowed to send out?



    Tim

  2. #2
    Just Joined! wildpossum's Avatar
    Join Date
    Apr 2008
    Location
    Sydney/Australia
    Posts
    92
    How much do you know about sendmail and its insecurities?
    Sendmail has very well known exploits and unless you've added secure directives and maybe even protected outgoing mail via another method you're doomed to be blacklisted soon.

    I suggest you read all you can, and research other forums, especially sendmail ones, to secure your setup.

    To answer your question directly, yes - but that doesn't equate to guaranteeing that it ONLY does so, as it may be a store and forward exploit.

    FC5 is pretty old, best ensure you've got the latest updates etc.

  3. #3
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Quote Originally Posted by timinator View Post
    Shouldn't mail from our local domain only be allowed to send out?



    Tim
    generally speaking yes. sounds like an open relay (sendmail open relay - Google Search)

  4. #4
    Just Joined!
    Join Date
    Sep 2006
    Posts
    22
    Can you define "open relay"? I thought the version of sendmail I'm running by default will not relay mail. The online tests I run all say "not" an open relay. It looks like an SMTP thing and I'm researching it. Any additional help would be appreciated.

    Thanks

  5. #5
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    I guess technically you're right, an "open relay" implies that external sources are using your server as a jump off to relay mail. but to me, if someone can forge mail on your system from the outside, then they could send an email to anyone they want using your server. that sounds kind of open-ish to me

    I personally don't use sendmail but I was just trying to help with the idea of what's wrong. where I work we split the functions of our mail, incoming smtp is not the same server that sends our mail, our incoming and outgoing are different servers. so then for incoming smtp we reject any mail that has mail from = ourdomain.com since that should never happen. the only way anyone outside should be able to connect to your server and send as yourdomain.com should be if they have authenticated, like an email client.

    just my opinion, sorry if it confused.
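
Added example, not part of any post in this thread: one way to see where the mail with unknown "from" addresses enters the server is to group sendmail's `from=` maillog lines by the `relay=` host that submitted them. The log lines, the `example.com` local domain and the function name are constructed for illustration.

```python
import re

LOCAL_DOMAINS = {"example.com"}  # assumption: replace with your own mail domain(s)

# Constructed sample in sendmail's usual maillog layout (not taken from the thread).
SAMPLE_LOG = """\
Sep 12 10:01:02 mail sendmail[2101]: k8CA12ab002101: from=<tim@example.com>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pc7.example.com [192.0.2.17]
Sep 12 10:01:09 mail sendmail[2110]: k8CA19cd002110: from=<promo@unknown.invalid>, size=4120, class=0, nrcpts=40, proto=ESMTP, daemon=MTA, relay=[203.0.113.5]
Sep 12 10:01:11 mail sendmail[2111]: k8CA19cd002110: to=<a@dest.invalid>, delay=00:00:02, mailer=esmtp, relay=mx.dest.invalid. [198.51.100.9], dsn=2.0.0, stat=Sent
Sep 12 10:02:30 mail sendmail[2140]: k8CA2Uef002140: from=<offer@unknown.invalid>, size=3990, class=0, nrcpts=35, proto=ESMTP, daemon=MTA, relay=[203.0.113.5]
Sep 12 10:05:44 mail sendmail[2177]: k8CA5igh002177: from=<news@other.invalid>, size=1500, class=0, nrcpts=3, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 12 10:06:00 mail sendmail[2180]: k8CA60ij002180: from=<>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.dest.invalid [198.51.100.9]
"""

# Queue id, envelope sender, recipient count and submitting relay of a "from=" line.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=<?([^>,]*)>?,.*?nrcpts=(\d+),.*?relay=(.+)$"
)

def foreign_senders(log_text, local_domains=LOCAL_DOMAINS):
    """Group accepted mail whose envelope sender is outside local_domains by relay.

    Returns [(relay, messages, recipients), ...], busiest relay first.
    """
    totals = {}
    for line in log_text.splitlines():
        match = FROM_RE.search(line)
        if not match:
            continue  # "to=" delivery lines and unrelated entries
        sender, nrcpts = match.group(2), int(match.group(3))
        relay = match.group(4).strip()
        domain = sender.rpartition("@")[2].lower() if "@" in sender else ""
        if not domain or domain in local_domains:
            continue  # bounce (<>), unqualified local user, or our own domain
        msgs, rcpts = totals.get(relay, (0, 0))
        totals[relay] = (msgs + 1, rcpts + nrcpts)
    return sorted(((relay, msgs, rcpts) for relay, (msgs, rcpts) in totals.items()),
                  key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for relay, msgs, rcpts in foreign_senders(SAMPLE_LOG):
        print(f"{relay:28} messages={msgs:<4} recipients={rcpts}")
```

An outside address at the top of the list means the server is accepting that mail from the network, while `localhost` points at something running on the server itself generating it.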
