RE: Sendmail 8.11 configuration/security issue

["Keith T. Morgan" <keith.morgan () terradon com>]

I know exactly what's occuring.  We use a commercial content security gateway for a lot of our customers to handle that 
situation.  Most of the good commercial CSGs will prevent spoofing from "external" networks like you've described.  
I've not found a way to accomplish this using sendmail via the "FEATURE_WHATEVER" and running them through m4.  My 
guess is you'd need to drag out the batbook and hack up your .cf file by hand.  (ugh)

I don't know what this would involve in terms of client volume, general mayhem, and PITA factor, but you could always 
go the TLS/SSL authentication route.  In a small (one or two domain) configuration, I've found postfix to be the MTA of 
choice for that type of deployment.  Make 'em authenticate.  If they do, let 'em relay and log it.  If someone's 
spamming, you know exactly who to lynch.


-----Original Message-----
From: john65 () pobox com [mailto:john65 () pobox com]
Sent: Friday, January 03, 2003 1:03 PM
To: security-basics () securityfocus com
Subject: Re: Sendmail 8.11 configuration/security issue


On Fri, 3 Jan 2003 oobs3c02 () attbi com wrote:

> I'm running sendmail 8.11 on a Solaris server. The server has a single
> interface and sits in my DMZ. I'm trying to find a way to block
> inbound mail with my domain spoofed as the sender.

I'm not sure what you accomplish by doing this.
see:
http://groups.google.com/groups?selm=8nl0kt%24mna%241%40zardoc.endmail.org&output=gplain