SendMail Help

Rick Stevens rstevens at vitalstream.com
Wed Aug 16 00:46:28 UTC 2006


On Tue, 2006-08-15 at 17:50 -0600, brad.mugleston at comcast.net wrote:
> On Tue, 15 Aug 2006, mylar wrote:
> 
> > On Mon, 2006-08-14 at 21:29, brad.mugleston at comcast.net wrote:
> > > Hello, now to a different problem,
> > >
> > > I've shut down internet access to my house except during specific
> > > times of the day to cut down on the use by my teenagers.  I'm doing
> > > this with my Linksys router.  One thing I do have set up is a 24/7
> > > opening for my FC9 box to run Fetchmail so my online mail boxes don't
> > > get too full.  This seems to be working fine.
> > >
> > > BUT I also would like to open up SendMail, from all machines, so I can
> > > send email 24/7 also.
> > >
> > > Any ideas on this?
> > >
> > > Brad
> >
> > I don't know how your network is set up but can't you block access to
> > all but port 25 during those hours?
> >
> I have the ability to block ports and I could set that up but it
> appears to block all ports when the web is locked out so I need
> to UNBLOCK ports.
> 
> BUT I can give it a shot.  I know SMTP is port 25 but what ranges
> do I want to block and still have usability within my home
> network?  i.e. do I block 0 to 24 and then 26 to ?? or will that
> shut too much down?  BTW I only have TWO ranges I can block.

Let's see if we can sort this out.  First off, you have to decide if you
want all of your machines to be able to send mail directly or if you
want to designate a "mail hub" which receives mail from all of your
internal machines and sends it out on behalf of them.

For security reasons, I recommend a mail hub (only it is exposed to the
internet, centralizes virus and spam filtering, etc.).  So, on all
of the machines EXCEPT the mail hub, make sure you have:

	define(`SMART_HOST', `name-of-mail-hub-machine')dnl

in the sendmail.mc file.  You also should decide if you want the hub
to receive mail on behalf of all your machines.  If so, also define
the MASQUERADE_AS macro:

	MASQUERADE_AS(`host.domain.tld')dnl

Now, as to firewalls, only the mail hub needs to talk to the internet
over port 25.  The rest of the machines in your network will use port
25 to talk to the mail hub.  So, the firewall rules on the router should
permit the mail hub port 25 access to the internet and should block all
others.  Do NOT block port 25 on any of the internal machines (either
through iptables or Windows firewalls).

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                      LOOK OUT!!! BEHIND YOU!!!                     -
----------------------------------------------------------------------
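
Added example, not part of the original message: a sendmail.mc fragment for the mail hub itself, covering the hub-side settings the reply leaves implicit (accepting SMTP from the LAN and relaying only for LAN addresses). It assumes a stock Red Hat style /etc/mail layout; the 192.168.1 network prefix is a placeholder for your own LAN.

```m4
dnl --- Mail hub only: fragment for /etc/mail/sendmail.mc (added example) ---
dnl Do NOT set SMART_HOST to the hub's own name here; SMART_HOST belongs
dnl on the other machines, which hand their mail to this one.
dnl
dnl Assumption: the stock sendmail.mc binds the MTA to loopback only, with
dnl a line like the one below. While it is active, LAN machines that point
dnl SMART_HOST at the hub get "connection refused" on port 25:
dnl   DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl
dnl Replace it so the hub listens on its LAN interface as well. The router
dnl rules described above still decide what crosses to the internet.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl
dnl Relay control: accept mail for onward delivery only from hosts listed
dnl in the access database, so the hub never becomes an open relay.
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl
dnl Matching entries for /etc/mail/access (192.168.1 is a placeholder):
dnl   Connect:127.0.0.1     RELAY
dnl   Connect:192.168.1     RELAY
dnl
dnl After editing, rebuild sendmail.cf and access.db, then restart:
dnl   make -C /etc/mail
dnl   service sendmail restart
```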




More information about the Redhat-install-list mailing list