![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Sendmail question
- Thread starter Muir
- Start date
[H]EMI_426
2[H]4U
- Joined
- Feb 19, 2001
- Messages
- 3,965
Yes.
[H]EMI_426
2[H]4U
- Joined
- Feb 19, 2001
- Messages
- 3,965
Honestly, I'd block off access to sendmail using tcpwrappers instead of trying to do things with sendmail...Or some other firewall. What exactly are you trying to do? It might help if we had a better picture of the whole setup.
Basically we have a Freebsd server running sendmail, apache, mysql etc. It is our primary mail server. We purchased an internet appliance that filters our email for spam and virii then forwards it on to our sendmail server. What is happening, even after changing our MX records to point to the new appliance is the spammers are using our external IP to get spam in. We do not want the sendmail server accepting any messages except from our spam filter. I would just put it behind our router/firewall and give it an internal IP address, however it hosts websites etc..
And of course, me the complete n00b at Freebsd gets to tackle the project.
And of course, me the complete n00b at Freebsd gets to tackle the project.
[H]EMI_426
2[H]4U
- Joined
- Feb 19, 2001
- Messages
- 3,965
I'd firewall it off using ipf/ipfw and only allow access from the IP you want. Why can't you put it behind a firewall? You should be able to pass port 80 through...
N
nig|ger
Guest
Sendmail can't really be told to only respond to specific addresses. It can be configured to only relay for certain domains, or not accept mail from certain domains, or the like, but tcp wrappers or the firewall would be the best way to do this.
This should be simple but for some reason your external hosts are not firewalled. I guess you have your external hosts and a NAT appliance connected to your service provider. I guess that works but you might consider software firewalls on all external machines and seperate interfaces to connect your external machines to your internal network. Then sendmail could simply bind to only the internal interface.
This is sucks compared to a real DMZ because if your web/mail server gets rooted the attacker can use it to bypass your real firewall, but it requires almost no additional hardware.
This should be simple but for some reason your external hosts are not firewalled. I guess you have your external hosts and a NAT appliance connected to your service provider. I guess that works but you might consider software firewalls on all external machines and seperate interfaces to connect your external machines to your internal network. Then sendmail could simply bind to only the internal interface.
This is sucks compared to a real DMZ because if your web/mail server gets rooted the attacker can use it to bypass your real firewall, but it requires almost no additional hardware.
Thanks for the tips guys. I am currently the NT admin but I am working on moving over and becoming a Freebsd admin here at work as well. Two different worlds imo. Luckily all of my NT stuff is behind the firewall and not hosting websites, mail etc. That is all Freebsd. Wish me luck.