Steve Searle wrote:
Around 03:51pm on Tuesday, March 06, 2007 (UK time), Aaron Konstam scrawled:

Incidentally, I also had to open a peephole in my ADSL modem,
and add a rule to shorewall to allow email in.

It is not dangerous at all if you have proper firewalls, The access
database in /etc/mail

Is this true? I understood the firewall has to be open to allow
sendmail to accept email from the internet, and that could be email for
the domain, or email for other domains, and the firewall can't
differentiate. Which is why sendmail needs to be configured to not
accept email for domains other than those that are specifically
intended.

The stock access file in the distro prevents any mail from being
accepted from outside machines unless it is addressed to the local host
or one of the names you have configured for it to accept. The idea that
sendmail automatically relays everything should have been put to rest
sometime in a previous century. And distribution configs should have
started including SMTP AUTH over SSL as the default way to permit
forwarding as a relay.
--
Les Mikesell
lesmikesell@xxxxxxxxx
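
An added example, not part of the thread and not sendmail's own code: a short Python audit of an access source file (the text that makemap turns into the access database in /etc/mail) that lists every RELAY entry other than the loopback ones. The sample file contents are constructed, and `parse_access`, `cidr_for` and `relay_grants` are names chosen here.

```python
import re

# Keys that only ever match the local machine.
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1", "ipv6:::1"}
TAGS = ("connect:", "from:", "to:")

def parse_access(text):
    """Yield (tag, key, action) for each entry; '#' lines and blanks are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        lhs, action = parts[0].lower(), parts[1].strip()
        tag = ""
        for t in TAGS:
            if lhs.startswith(t):
                tag, lhs = t[:-1], lhs[len(t):]
                break
        yield tag, lhs, action

def cidr_for(key):
    """Dotted prefixes match on octet boundaries: '192.168' covers 192.168.0.0/16."""
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", key):
        return None
    octets = key.split(".")
    return ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))

def relay_grants(text):
    """Return (tag, key, cidr) for every RELAY entry that is not loopback-only."""
    findings = []
    for tag, key, action in parse_access(text):
        if action.upper() != "RELAY":
            continue
        if tag in ("", "connect") and key in LOOPBACK:
            continue
        findings.append((tag or "untagged", key, cidr_for(key)))
    return findings

# Constructed sample: three loopback entries plus two additions to review.
SAMPLE = """# constructed access file
Connect:localhost.localdomain\tRELAY
Connect:localhost\t\tRELAY
Connect:127.0.0.1\t\tRELAY
Connect:192.168\t\t\tRELAY
To:example.net\t\t\tRELAY
From:spammer@example.org\tREJECT
"""

if __name__ == "__main__":
    for tag, key, cidr in relay_grants(SAMPLE):
        print(tag, key, cidr or "")
```

An empty result means the file grants relaying only to the local host; each listed entry is a deliberate relay grant whose scope should be confirmed.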