- 06-09-2008 #1 (Just Joined!; Join Date: Sep 2006; Posts: 22)
Forged "from" addresses in maillog
Hi, we're running FC5 with sendmail 8.13. I notice a ton of email leaving the server with unknown "from" addresses. Shouldn't mail from our local domain only be allowed to send out?
Tim
- 06-09-2008 #2
How much do you know about sendmail and its insecurities?
Sendmail has very well-known exploits, and unless you've added secure directives and maybe even protected outgoing mail via another method, you're doomed to be blacklisted soon.
I suggest you read all you can, and research other forums, especially sendmail ones, to secure your setup.
To answer your question directly, yes - but that doesn't equate to guaranteeing that it ONLY does so, as it may be a store and forward exploit.
FC5 is pretty old, best ensure you've got the latest updates etc.
- 06-10-2008 #3
Generally speaking, yes. Sounds like an open relay.
sendmail open relay - Google Search
- 06-11-2008 #4 (Just Joined!; Join Date: Sep 2006; Posts: 22)
Can you define "open relay"? I thought the version of sendmail I'm running by default will not relay mail. The online tests I run all say "not" an open relay. It looks like an SMTP thing and I'm researching it. Any additional help would be appreciated.
Thanks
- 06-11-2008 #5
I guess technically you're right, an "open relay" implies that external sources are using your server as a jump-off to relay mail. But to me, if someone can forge mail on your system from the outside, then they could send an email to anyone they want using your server. That sounds kind of open-ish to me.

I personally don't use sendmail, but I was just trying to help with the idea of what's wrong. Where I work we split the functions of our mail: incoming SMTP is not the same server that sends our mail, our incoming and outgoing are different servers. So for incoming SMTP we reject any mail that has mail from = ourdomain.com, since that should never happen. The only way anyone outside should be able to connect to your server and send as yourdomain.com should be if they have authenticated, like an email client.
Just my opinion, sorry if it confused.


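One way to find which logged messages match the symptom described in this thread, as an added example that is not part of any post: it pairs sendmail `from=` and `to=` maillog entries by queue ID and lists remote deliveries whose envelope sender is outside the local domain, along with the relay that submitted each one. The domain `example.com`, the function names and the log lines are constructed for illustration.

```python
import re

LOCAL_DOMAINS = {"example.com"}              # assumption: domains this server sends for
REMOTE_MAILERS = {"esmtp", "smtp", "relay"}  # sendmail mailers that deliver off-host

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")       # queue id, field list
FROM = re.compile(r"^from=<?([^>,]*)>?,.*\brelay=(.+)$")  # sender, submitting relay
TO = re.compile(r"^to=<?([^>,]*)>?,.*\bmailer=(\w+),")    # recipient, mailer

def is_local(sender):
    """Null senders (bounces) and unqualified local user names count as local."""
    if "@" not in sender:
        return True
    return sender.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS

def foreign_sender_outbound(lines):
    """Return remote deliveries whose envelope sender is not in LOCAL_DOMAINS."""
    senders, hits = {}, []
    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, fields = entry.groups()
        frm = FROM.match(fields)
        if frm:  # remember who submitted this queue id, and from where
            senders[qid] = (frm.group(1), frm.group(2).strip())
            continue
        to = TO.match(fields)
        if to and to.group(2) in REMOTE_MAILERS and qid in senders:
            sender, relay = senders[qid]
            if not is_local(sender):
                hits.append({"qid": qid, "from": sender,
                             "to": to.group(1), "relay": relay})
    return hits

# Constructed sample entries in sendmail maillog layout (not taken from the thread).
SAMPLE_LOG = [
    "Jun  9 10:15:01 mail sendmail[2101]: m59AF1a1002101: from=<tim@example.com>, size=812, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]",
    "Jun  9 10:15:02 mail sendmail[2102]: m59AF1a1002101: to=<friend@elsewhere.test>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120812, relay=mx.elsewhere.test. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)",
    "Jun  9 10:16:01 mail sendmail[2103]: m59AF3c3002103: from=<promo@other.test>, size=640, class=0, nrcpts=1, msgid=<2@mail.example.com>, relay=apache@localhost",
    "Jun  9 10:16:03 mail sendmail[2104]: m59AF3c3002103: to=<victim@elsewhere.test>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120640, relay=mx.elsewhere.test. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)",
    "Jun  9 10:17:01 mail sendmail[2105]: m59AF5e5002105: from=<>, size=2100, class=0, nrcpts=1, msgid=<3@mail.example.com>, proto=ESMTP, daemon=MTA, relay=localhost",
    "Jun  9 10:17:02 mail sendmail[2106]: m59AF5e5002105: to=<someone@other.test>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=122100, relay=mx.other.test. [203.0.113.7], dsn=2.0.0, stat=Sent (ok)",
    "Jun  9 10:18:01 mail sendmail[2107]: m59AF7g7002107: from=<someone@other.test>, size=900, class=0, nrcpts=1, msgid=<4@other.test>, proto=ESMTP, daemon=MTA, relay=mx.other.test [203.0.113.7]",
    "Jun  9 10:18:02 mail sendmail[2108]: m59AF7g7002107: to=<tim@example.com>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=120900, dsn=2.0.0, stat=Sent",
]

if __name__ == "__main__":
    for hit in foreign_sender_outbound(SAMPLE_LOG):
        print(hit)
```

The `relay` value on each hit is where the message entered the server, which tells you whether the mail came from a local process or from an outside SMTP client.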

