Yes and no. Crist Clark was kind enough to point out that there are some entries in /etc/mail/cf/domain/solaris-generic.m4 that clobber the settings one puts in /var/mail/cf/cf/local.mc. My problem was that the line FEATURE(`relay_entire_domain')dnl, which was included in the solaris-generic.m4 file, had more influence than the FEATURE(relay_hosts_only)dnl that I typed into my sendmail.mc file. So all hosts were still able send out. To fix this, I noted that the solaris-generic file was referenced in sendmail.mc, so I edited it and changed solaris-generic to solaris-antispam, ran make, copied the cf file over and restarted sendmail. The unwanted permissive behaviour ceased and now only hosts listed in relay-domains were allowed to send out. Success! Everyone else who replied recommended that I remove sendmail completely and deploy a less queer mail program. Thanks to all who replied, especially Crist for getting my eyes moving in the right direction. This is arguably a Solaris-specific sendmail peculiarity. jake On Wed, Jun 18, 2008 at 3:34 PM, Jacob Ritorto <jacob.ritorto@gmail.com> wrote: > Hi all, > My mailserver (which has correct MX records and a working NAT > to the internet) was letting out virus mail from our PCs to the > internet. It's the stock Sun sendmail config that ships with Solaris > 10 u4, which allows anything inside to send out. So I wanted to crack > down a bit and allow mail to originate from only a few known good > hosts. > > I went into the /etc/mail/cf/cf directory and added the > FEATURE(relay_hosts_only) line to sendmail.mc. > > Then I ran make and copied the resulting sendmail.cf file to /etc/mail. > > Then I went to /etc/mail and made a file called relay-domains > containing my handful of good sender hostnames. > > Then I svcadm restarted sendmail. > > Nothing changed -- I'm still able to send mail out from any host on > the internal subnets via this mailserver (verified this manually using > mconnect). Would someone point out my mistake, please? > > thx > jake _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Jun 20 14:51:57 2008
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:11 EST