Make sendmail require authentication for mail from local domains

authenticationsendmailsmtp

Server is running sendmail 8.14

From any machine:

$ telnet mydomain.com 25
HELO mydomain.com
MAIL FROM: <me@mydomain.com>
RCPT TO: <me@mydomain.com>
DATA
this is spam
.

How do I require authentication for any mail that claims to be from a local domain?

This seems like a no-brainer anti-spam feature.

FROM         TO           RESULT
any          non-local    "Relaying denied. Proper authentication required."
non-local    local        success [1]
local        local        success [2]

[1] This is acceptable. Outsiders can send to local users without any kind of authentication. Various DNS checks can be done.

[2] This is the problem. Why should I allow anyone to mail a local user while claiming to be a local user?

Best Answer

As noted here:

You can require the use of SMTP AUTH for relaying by simply turning off other means of relaying for incoming mail, e.g., the access map or class R. That is, if you have my.domain in /etc/mail/relay-domains or "my.domain RELAY" in the access map, then remove the entry from class R (/etc/mail/relay-domains) and use "To:my.domain RELAY" in the access map.

Related Solutions

Configuring sendmail to redirect all e-mail to a single user

Please do yourself, and the world, a favour and replace Sendmail with something easier to configure and maintain, like Exim or Postfix. I would normally vote down answers that said "use a different product", but in the case of Sendmail, I think it's worth the risk. Sendmail is very complex to configure compared to modern MTAs and should only be used if you have an existing complex Sendmail infrastructure and you have considerable Sendmail experience.

Also, I don't know if it's a typo or not, but you have

m4 /etc/mail/sendmail.mc > /etc/mail/endmail.cf

Notice the endmail.cf, rather than sendmail.cf.

Centos – sendmail error “Relaying denied. Proper authentication required. (state 14).”

According to your sendmail.mc your sendmail setup supports SMTP authentication and STARTTLS. When you connect "by hand" (telnet) on port 25 you are not using any of these options. However, it seems that your client is setup to connect to your sendmail server and use either SMTP authentication or STARTTLS (or both) and your server, although it claims to support these options, is not properly configured.

Have your client connect to port 25 at the server and uncheck any options that enable STARTTLS, SSL, TLS or SMTP-AUTH. Your other choice is to configurethem properly after reading the sendmail documentation.

Best Answer

Related Solutions

Configuring sendmail to redirect all e-mail to a single user

Centos – sendmail error “Relaying denied. Proper authentication required. (state 14).”

Related Topic