[ydl-gen] Re: Setting up sendmail to send mail (via SMTP)

pstreibig pstreibig at bcj.com
Thu Aug 17 14:53:45 MDT 2006


Eric Dunbar wrote:
> On 17/08/06, pstreibig <pstreibig at bcj.com> wrote:
>> Eric Dunbar wrote:
>> > On 16/08/06, Eric Dunbar <eric.dunbar at gmail.com> wrote:
>> >> Hello all, I'm trying to make my server a little more user-friendly
>> >> for my friends and for that to happen I need to add the ability for
>> >> the server to SEND mail.
>> >>
>> >> My ISP (Bell Sympatico) blocks all attempts to deliver mail directly
>> >> to another mail server. The only way for me to get mail out is by
>> >> connecting to my ISP's mail SMTP mail server using a username and
>> >> password, over SSL.
>> >>
>> >> Does anyone have any idea how to set sendmail (or another MTA) up on
>> >> YDL to send mail from the server (a Gallery installation, to be
>> >> specific) to a public internet address?
>> >>
>> >
>> > Well, I managed to answer my own question by stumbling on the right
>> > web page at sendmail's site:
>> > <http://www.sendmail.org/~ca/email/auth.html> under the section 'Using
>> > sendmail as a client with AUTH'.
>> >
>> > On a hunch I changed an extra setting alongside the preferences
>> > settings. Using the Webmin sendmail interface I made the following
>> > additional change:
>> >
>> > Change #1 (not listed at page cited above):
>> > "Send outgoing mail via host" is now set to my ISP's mail server (in
>> > my case: smtphm.sympatico.ca
>
>> DANGER!
>> Be extra careful here with your sendmail settings once you implement
>> this. Unless you are locking down access to your sendmail (for your
>> friends) you could be creating an open relay.  This could be considered
>> a breach of contract by your ISP, and cause other nastiness such as bots
>> relaying spam through your authenticated to ISP connection.
>
> It's not actually meant to relay mail for any users. Its only reason
> for existing is to allow the gallery 1 and gallery 2
> (http://gallery.menalto.com/) installations on the server to send
> outbound e-mail.  I'm fairly sure that external e-mail relaying is
> disabled since a "telnet serverIPaddress 25" says connection refused
> and the sendmail 'SMTP port options' are set to
> 'Port=smtp,Addr=127.0.0.1, Name=MTA' (From Webmin help: This option
> allows you to configure what IP address and port the sendmail server
> listens on.).
>
> Besides, the router does not relay any inbound 'port 25' requests to
> the server so someone outside the local network would be unable to get
> to the server via that port anyway.
>
Ok, that's good.  I was not familiar with what you meant by Gallery user 
before reading the posted link.  Operating without many specifics I 
merely wanted to point out that this can cause problems.  I was wary 
about providing mail services to users without authentication.  As Chris 
mentioned, Postfix is pretty well secured by default, however users with 
accounts on the server and computers on your LAN would be able to send 
mail.  This could include wireless users and infected machines on 
your LAN.
Having inherited control of an old linuxPPC mailserver that was listed 
as an open relay a number of years back I recalled my frustrations.
That was also the first time I'd ever touched Linux...
>> That being said, I believe sendmail reads its configs the same way
>> postfix does (which I am familiar with using).  If this is the case,
>> then having a duplicate entry should not matter.  Grouping your changes
>> at the end of the config will make your life easier than having to
>> search throughout the entire config file.  Just for your own sanity you
>> should note why you made the changes.
>
> Notes made :-)
>
>> I'm curious though, when you say your ISP blocks all outbound mail.  How
>> are they implementing this?  I guess it's more academic curiosity, but
>> did you try changing the default port for sendmail?  There are more
>> reasons for not doing this than for doing it though, not the least of
>> which being the pain of maintaining an up to date, fully patched secure
>> mail server, which ideally your ISP is doing for you already.
>
> See Chris Murtagh's email for a succinct answer to your question.
Yes, that did confirm my suspicions.  Your current solution seems the 
most elegant. 
As for the sendmail v. postfix debate, well, you have sendmail running 
now.  In my experience most people have problems simply getting sendmail 
configured correctly and running the way they would like it to.  I can 
currently see no reason to change.  If you have the time and 
inclination, Postfix is definitely the better choice, esp. for expanded 
services.  I can't verify on my ydl machine, due to a home disaster, but 
in my experience, sendmail is installed by default on *nix machines.  
Correct me if I'm wrong here :)  Many root and user notifications are 
sent by the system and applications via the basic sendmail system.  
Postfix and other MTAs are frequently included as the preferred MTA of a 
distro, but generally users need to switch from sendmail to Postfix via 
the method Chris described.

cheers
:ps

Sorry in advance if this message hits the list in two similar forms, but 
my first attempt appears to have evaporated after a successful status=sent..
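
The loopback-only listener setting quoted in the thread ('Port=smtp,Addr=127.0.0.1, Name=MTA') can be checked directly in sendmail.cf. The following is an added example, not part of the original message: it assumes the `O DaemonPortOptions=` line form with keys spelled out in full as quoted above, and the sample config and function names are constructed for illustration.

```python
import ipaddress

# Constructed sendmail.cf fragment (not taken from the original post).
SAMPLE_CF = """\
# SMTP daemon options
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=submission, Name=MSA, M=Ea
#O DaemonPortOptions=Port=smtp, Name=MTA
"""

def parse_daemon_options(cf_text):
    """Return one dict of lower-cased keys per active DaemonPortOptions line."""
    listeners = []
    for raw in cf_text.splitlines():
        line = raw.strip()
        if not line.startswith("O DaemonPortOptions="):
            continue  # skips comments and unrelated options
        opts = {}
        for pair in line.split("=", 1)[1].split(","):
            key, sep, value = pair.strip().partition("=")
            if sep:
                opts[key.lower()] = value.strip()
        listeners.append(opts)
    return listeners

def is_loopback_only(opts):
    """True only when Addr= is a literal loopback IP address."""
    addr = opts.get("addr")
    if addr is None:
        return False  # no Addr= means the daemon binds every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname: cannot be proven loopback from the file alone

def exposed_listeners(cf_text):
    """List (name, port, addr) for listeners reachable beyond localhost."""
    return [
        (o.get("name", "?"), o.get("port", "smtp"), o.get("addr", "*"))
        for o in parse_daemon_options(cf_text)
        if not is_loopback_only(o)
    ]

if __name__ == "__main__":
    for name, port, addr in exposed_listeners(SAMPLE_CF):
        print(f"listener {name} on port {port} is bound to {addr}, not loopback")
```

A listener reported here is reachable from the LAN unless a firewall blocks it, which is the case the reply above raises for wireless users and infected machines.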

