running smtp and submission port

Newsgroups: comp.mail.sendmail
 by: jake - Sun, 15 Jan 2023 23:22 UTC

Hi Folks,

I just want to verify I have a safe configuration. Everything is working well for me.

My sendmail.mc file:
--------------------------------
include(`/etc/mail/tls/starttls.m4')dnl
FEATURE(`no_default_msa')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl #watch port 587 for my submissions outgoing from TB
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl #watch port 25 for incoming email from internet

I have STARTTLS and PLAIN password working on 587. I am confident that I am the only one who can send email on port 587.

However, port 25 I am not so sure. I only want to receive emails for local delivery to my server (mydomain.com). I have sasl and dovecot set up to service the Thunderbird client. The MX record for my domain naturally sends traffic to port 25. I do not want to relay or send anyone's SPAM from port 25 but I need to read my own incoming email from port 25. Any advice how to harden this or am I safe already?

thank you so much for the help,
--jake

Re: running smtp and submission port

 by: Claus Aßmann - Thu, 19 Jan 2023 11:40 UTC

jake wrote:

> TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')dnl

> DAEMON_OPTIONS(`Port=smtp, Name=MTA')

> I have STARTTLS and PLAIN password working on 587.
> I am confident that i am the only one
> who can send email on port 587.

Provided your auth password doesn't get hacked.
If you only use PLAIN, you should remove the other mechs.

> However, port 25 I am not so sure.

Turn off AUTH on port 25 as you don't use it. Relaying is denied
by default but a successful authentication would allow it.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: running smtp and submission port

 by: Knute Johnson - Thu, 19 Jan 2023 16:27 UTC

On 1/19/23 05:40, Claus Aßmann wrote:
>
> Turn off AUTH on port 25 as you don't use it. Relaying is denied
> by default but a successful authentication would allow it.
>

I know how to require AUTH but not how to deny AUTH on port 25?

Thanks,

knute...

Re: running smtp and submission port

 by: Claus Aßmann - Thu, 19 Jan 2023 18:15 UTC

Knute Johnson wrote:

> I know how to require AUTH but not how to deny AUTH on port 25?

See the fine documentation op.*

DaemonPortOptions=options

Modifier can be a sequence (without any
delimiters) of the following characters:

a always require AUTH
...
A disable AUTH (overrides 'a' modifier)


Re: running smtp and submission port

 by: Knute Johnson - Thu, 19 Jan 2023 20:05 UTC

On 1/19/23 12:15, Claus Aßmann wrote:
> Knute Johnson wrote:
>
>> I know how to require AUTH but not how to deny AUTH on port 25?
>
> See the fine documentation op.*
>
> DaemonPortOptions=options
>
> Modifier can be a sequence (without any
> delimiters) of the following characters:
>
> a always require AUTH
> ..
> A disable AUTH (overrides 'a' modifier)
>
>

Yes it is in the doc. I've got your book too and it is right there on
page 996. I've looked at it a lot and just didn't see it.

Works like a charm.

Thanks Claus!
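
As an added example (not code from the thread or from sendmail itself), this Python check reads the DAEMON_OPTIONS and mechanism lines of a sendmail.mc and flags the two points raised in the replies above: AUTH still offered on the port 25 listener, and mechanisms listed but not used. The two .mc samples, the function names and the used_mechs parameter are constructed for illustration.

```python
import re

# Constructed sample: the AUTH and listener lines as posted in the thread.
POSTED_MC = """\
TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5 CRAM-MD5')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
"""
# Constructed sample: the same lines with the replies' advice applied
# (only PLAIN kept, modifier A on the port 25 listener).
HARDENED_MC = """\
TRUST_AUTH_MECH(`PLAIN')dnl
define(`confAUTH_MECHANISMS', `PLAIN')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=A')dnl
"""
MX_PORTS = {"smtp", "25"}
MSA_PORTS = {"submission", "587"}

def listeners(mc_text):
    """Return (port, name, modifiers) for every DAEMON_OPTIONS line."""
    found = []
    for body in re.findall(r"DAEMON_OPTIONS\(`([^']*)'\)", mc_text):
        opts = {}
        for pair in body.split(","):
            key, _, value = pair.strip().partition("=")
            # Keys are compared by first letter, since the posted config
            # abbreviates Modifier to M.
            opts[key[:1].upper()] = value.strip()
        found.append((opts.get("P", "smtp"), opts.get("N", ""), opts.get("M", "")))
    return found

def audit(mc_text, used_mechs=("PLAIN",)):
    """List AUTH-related findings; used_mechs is an assumption the admin supplies."""
    findings = []
    for port, name, mods in listeners(mc_text):
        label = name or port
        if port.lower() in MX_PORTS and "A" not in mods:
            findings.append(f"{label}: AUTH offered on port {port}, add modifier A")
        if port.lower() in MSA_PORTS and ("a" not in mods or "A" in mods):
            findings.append(f"{label}: AUTH not enforced on port {port}, use modifier a")
    pattern = r"(TRUST_AUTH_MECH|confAUTH_MECHANISMS)\W+([A-Z0-9 -]+)'"
    for macro, mechs in re.findall(pattern, mc_text):
        extra = sorted(set(mechs.split()) - set(used_mechs))
        if extra:
            findings.append(f"{macro}: unused mechanisms listed: {' '.join(extra)}")
    return findings

if __name__ == "__main__":
    for title, text in (("posted", POSTED_MC), ("hardened", HARDENED_MC)):
        print(title, audit(text) or "no findings")
```

After regenerating sendmail.cf from the changed .mc and restarting the daemon, an EHLO on port 25 should no longer list AUTH.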

Re: running smtp and submission port

 by: Claus Aßmann - Thu, 19 Jan 2023 20:48 UTC

Knute Johnson wrote:

> Yes it is in the doc. I've got your book too and it is right there on

It's not "my" book. Brian wrote it.

> page 996. I've looked at it a lot and just didn't see it.

That's why a searchable text document is better :-)
vi op.txt
/AUTH
n ... until you find what you wanted.


Re: running smtp and submission port

 by: Marco - Fri, 20 Jan 2023 07:46 UTC

On 19.01.2023, Claus Aßmann wrote:

> Knute Johnson wrote:
>
> > Yes it is in the doc. I've got your book too and it is right there
> > on
>
> It's not "my" book. Brian wrote it.

But you are also mentioned on the first page. :-)

> > page 996. I've looked at it a lot and just didn't see it.
>
> That's why a searchable text document is better :-)

The book (sendmail 4th edition) is available to buy as a PDF, but
some anonymous Russian FTP server has it too - intentionally public or
not - I don't know.
