Email question

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Sat Jul 31 01:19:11 UTC 2004


On Sat, 31.07.2004, Jake McHenry wrote at 2:44:

> I just deleted all files in queue, and already got some more: result of
> mailq ... started as pages and pages of this. If I get rid of virtusertable,
> mailq stays at 0.

Curious. Unfortunately you did not give an impression of what you entered
into the virtusertable.

>                 /var/spool/mqueue (1 request)
> -----Q-ID----- --Size-- -Priority- ---Q-Time--- --------Sender/Recipient--------
> i6V0dRbA009914*    2084     210559 Jul 30 20:39 <z3vsr.jcchg at foredu.com.cn>
>       8BITMIME
>                                                 <skywalk at cht.com.tw>
>                                                 <skywalker at lager.com.tw>
>                                                 <skywalk.liu at msa.hinet.net>
>                                                 <skyw70617 at yahoo.com.tw>
>                                                 <skywaker1126 at yahoo.com.tw>
>                                                 <skywalker0802 at yahoo.com.tw>
>                                                 <skyw1026 at yam.com>
>                 Total requests: 1

That really looks like SPAM attempts through an open relay. Will these
queued messages sit there, or will they be delivered if you do not
prevent this? I fear it is the latter case. If you do a relay test of your
own, does it show your host as open?

> sendmail.mc file

That is not based on the default Fedora sendmail.mc. Do you run the Fedora
Sendmail 8.12.10 or 8.12.11?

> divert(-1)dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> define(`confDEF_USER_ID',``8:12'')dnl
> define(`confTRUSTED_USER', `smmsp')dnl

^^^^^^^^^^^^^ This line is very bad and was in the default sendmail.mc
prior to Fedora. You should remove that as it breaks the security model
of Sendmail introduced with release 8.12.

> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confTO_IDENT', `0')dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl

The "-o" parameter is not good, although it is there by default in the .mc
file of Fedora's Sendmail. But it prevents you from seeing if something is
going wrong with such a map file. At least for debugging change it to:

FEATURE(`mailertable')dnl
FEATURE(`virtusertable')

> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`root')dnl
> DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> 
> MAILER(smtp)dnl
> MAILER(procmail)dnl

The rest is all default from the Redhat/Fedora sendmail.mc file. There
is no macro activated which configures Sendmail dangerously or even as
an open relay.

Your sendmail.cf is based on this .mc file? You have the sendmail-cf
package installed and a "make -C /etc/mail" does not print out errors? I
ask to be sure about these basics.

What about your submit.mc file, any changes there?

> access file
> 
> # Check the /usr/share/doc/sendmail/README.cf file for a description
> # of the format of this file. (search for access_db in that file)
> # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
> # package.
> #
> # by default we allow relaying from localhost...
> localhost.localdomain           RELAY
> localhost                       RELAY
> 127.0.0.1                       RELAY
> 
> 24.229.98.7                     RELAY

Ok, that access_db is very basic and apart from the last line contains only
the necessary 3 default lines for localhost. So there must be something
different that leads to the current situation. In a different thread you
mentioned you have DRAC running - how is that configured and activated?

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 02:54:42 up 4 days, 12:01, load average: 0.31, 0.45, 0.34 
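
The configuration points raised in this message, as an added example that is not part of the original post: a small shell audit that flags `confTRUSTED_USER` set to `smmsp`, map features declared with the optional `-o` flag, and `RELAY` entries in the access file beyond the localhost defaults. The function names and temporary file paths are hypothetical; the sample files are constructed from lines quoted above.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc and access file for the points in this message.

# define() lines that set confTRUSTED_USER to smmsp (the line flagged above).
check_trusted_user() {
    grep -nE "^define\(.confTRUSTED_USER.,[[:space:]]*.smmsp" "$1"
}

# FEATURE() lines whose hash map carries -o (optional map: a missing or
# unreadable map file is silently ignored instead of reported).
check_optional_maps() {
    grep -nE "^FEATURE\(.*hash[^']* -o " "$1"
}

# access entries granting RELAY to anything other than the localhost defaults.
list_nonlocal_relays() {
    awk '$1 !~ /^#/ && $2 == "RELAY" &&
         $1 != "localhost" && $1 != "localhost.localdomain" &&
         $1 != "127.0.0.1" { print $1 }' "$1"
}

# Constructed sample files, using lines quoted in the message.
TMP=$(mktemp -d)
MC="$TMP/sendmail.mc"
ACCESS="$TMP/access"
cat > "$MC" <<'EOF'
define(`confTRUSTED_USER', `smmsp')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EOF
cat > "$ACCESS" <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
24.229.98.7                     RELAY
EOF

echo "confTRUSTED_USER set to smmsp:"; check_trusted_user "$MC"
echo "maps marked optional (-o):";     check_optional_maps "$MC"
echo "non-localhost RELAY entries:";   list_nonlocal_relays "$ACCESS"
```

On a real host the same functions take `/etc/mail/sendmail.mc` and `/etc/mail/access` as arguments; lines commented out with a leading `dnl` are not matched.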