I have a CentOS server and I want to only accept mail for the local users from 3 mail servers, but I still want the users to be able to send emails through this server. If I firewall the SMTP port to my 3 mail servers, is there any way users will still be able to send via the main POP server? (currently using Sendmail's SMTP-Auth)

Thanks

Denis

Hello -

If you firewall smtp to only accept connections from your 3 internal hosts, you won't get any inbound email from outside since external hosts can't reach the smtp server. Outbound mail will work ok from that server or the 3 firewall allowed internal hosts. POP is for retrieving email from the server.

If your goal is to have the CentOS box serve as a mail gateway for inbound & outbound email, you'd use /etc/mail/access to control how sendmail handles connections from hosts. In that file you'd give your 3 internal hosts permission to relay mail through that server.

On 1/14/07, Denis Croombs <denis at croombs.org> wrote:
> I have a Centos server and I want to only accept mail for the local users
> from 3 mail servers, but I still want the users to be able to send emails
> through this server, If I firewall the SMTP port to my 3 mail servers is
> there any way users will be able to still send via the main POP server ?
> (currently using Sendmails SMTP-Auth)
>
> Thanks
>
> Denis

________________________________
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Don Knott
Sent: Sunday, January 14, 2007 8:09 AM
To: CentOS mailing list
Subject: Re: [CentOS] Firewalling SMTP

On 1/14/07, Denis Croombs <denis at croombs.org> wrote:

I have a Centos server and I want to only accept mail for the local users from 3 mail servers, but I still want the users to be able to send emails through this server, If I firewall the SMTP port to my 3 mail servers is there any way users will be able to still send via the main POP server ? (currently using Sendmails SMTP-Auth)

Thanks

Denis
____________________________

I would set up SMTP-Auth and have sendmail ALSO listen on port 587 for users to relay their mail. An external mail server would not attempt to deliver mail to a port other than 25. I'd use iptables to drop all connections to port 25 except for the 3 external hosts you want... problem solved.

Mike

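The firewall half of the setup suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell function that validates the relay addresses and prints an iptables-restore fragment. The chain name SMTP_IN and the three addresses (RFC 5737 documentation range) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Port 25 is accepted only from the
# listed relays; port 587 stays open so users can submit mail with
# SMTP-AUTH. Port 587 only helps if sendmail's submission daemon is
# enabled and requires authentication.

valid_ipv4() {
    # Reject empty input, anything but digits and dots, and empty octets.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # ambiguous leading zero
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

smtp_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one relay address" >&2; return 1; }
    # Validate everything first so a typo never yields a partial rule set.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':SMTP_IN - [0:0]'
    # Inserted at position 1 so it is evaluated before any broader ACCEPT.
    echo '-I INPUT 1 -p tcp -m multiport --dports 25,587 -j SMTP_IN'
    for ip in "$@"; do
        echo "-A SMTP_IN -p tcp -s $ip --dport 25 -j ACCEPT"
    done
    echo '-A SMTP_IN -p tcp --dport 587 -j ACCEPT'
    echo '-A SMTP_IN -p tcp --dport 25 -j DROP'
    echo 'COMMIT'
}

# Constructed addresses standing in for the three allowed mail servers.
smtp_rules 192.0.2.10 192.0.2.11 192.0.2.12
```

Review the printed rules before loading them with `iptables-restore --noflush`; loading the same fragment twice inserts the INPUT jump a second time.
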
Denis Croombs wrote:
> I have a Centos server and I want to only accept mail for the local users
> from 3 mail servers, but I still want the users to be able to send emails
> through this server, If I firewall the SMTP port to my 3 mail servers is
> there any way users will be able to still send via the main POP server ?
> (currently using Sendmails SMTP-Auth)

Sending mail is not a standard POP feature, and it's not what sendmail uses.

Your choices for limiting access to sendmail include:

1. Limiting the addresses it listens to. You don't want it listening to public IP addresses.
2. Using /etc/hosts.{allow,deny} to control what addresses sendmail accepts connexions from.
3. Using an external firewall to control who can connect to your mail server. This is appropriate, for example, when you use ADSL and have a "hardware" router manage your internet connexion. You can also choose to use a PC in this role (I do it with an HP Vectra Pentium II running Debian and Shorewall).
4. Using netfilter on your mail server as above. See www.netfilter.org and "man iptables."
5. Sendmail (probably) has its own additional means of controlling who can connect: I use Postfix, and for certain and sure Postfix has.

Note that smtp-auth controls (effectively) people, without regard for where they actually are on the Internet. If I know an account name and password for your system, I can use your servers from here in Western Australia unless you use one of the options above.

None of the options above has any implications for people sending email through your mail service provided that they are physically attached to some place you've authorised as above.

--
Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list