Hosts for which relaying is permitted

Instead, use the macros we present here. If you use it directly, you risk breaking your configuration file if sendmail changes in the future. Here, the list is one or more hosts or domains separated from each other by spaces:. If you find it more convenient to list them on separate lines you can do so like this:. The list can be host or domain names, or IP numbers, or network numbers.

IPv6 addresses can be specified by prefixing each with the literal text IPv6 :, as for example:. You can also maintain a list of hosts, domains, and addresses that can be relayed to in an external file.

That file is declared with the following macro:. For example:. If you are currently reading relaying information from a file declared directly with the F configuration command, you are encouraged to convert to this new macro.

Use of it will insulate you from change in the future if a different class name is ever used. For example, the following address uses the percent-hack to relay mail through hostA for delivery to hostB :. The intention here is to cause sendmail to connect to the hostA host and send the message by specifying user hostB as the envelope-recipient, meaning that hostA will relay the message to hostB. V8 sendmail no longer allows the percent-hack form of relaying without first performing two checks.

If the connected-to host is neither in that class nor OK'd by the access database, the message is rejected with: [16]. To use it, include the leading , but exclude the 5. If the destination host is neither in that class nor OK'd by the access database, the message is rejected; otherwise it is accepted for delivery.

One way to list them might look like this in your mc configuration file:. If it is not possible for you to know ahead of time which hosts should be listed in that class, you might want to loosen this check. But be forewarned, if you think you need to loosen this check, you probably do not need to. Use this feature with caution! Consider, for example, a spam site sending a spam message with the following envelope-recipient:.

Note that this feature can be of benefit in an internal network protected by a well-configured mail gateway and a firewall because it allows testing of internal mail hubs as potential MX servers for internal-only email. Sometimes it is beneficial to set up a mail server that will relay mail from any host that connects to it. Consider a main mail-sending machine that exists behind a firewall. In this example, the mail-sending machine is separate from the mail-receiving machine.

The mail-sending machine has inbound port 25 blocked at the firewall so that it cannot receive mail from anywhere but the internal network. You declare it like this:.

To underscore the risk associated with this feature, the following warning will be printed each time you build with your mc configuration file:. By declaring this feature, you tell sendmail to allow mail received by the local machine from anywhere in the world to be relayed outward to any machine in the world.

This opens up the local machine to be used by spam engines worldwide, and almost guarantees that the local machine will eventually become listed by one or more DNSBL sites.

You should use this feature only if the affected machine is secured by other means. When sendmail receives a message bound for another host, it might be doing so because the local machine is listed as an MX record for that other host Section 9.

When that other host comes back up, sendmail will deliver all such queued messages to it. There might be times, however, when your site must be an MX server for an unknown number of sites, or an unknown variety of domains. One such example might occur when your machine is behind a firewall on a private network. You might be the central MX site for all internal domains that are created or renamed often. When you declare this feature, you allow sendmail to relay mail to any host for which your site is listed as an MX record.

Fortunately you don't have to keep track of which hosts do list your site because this feature makes the process automatic. This feature should be used only in an environment where you administer or trust the DNS records. You should not use it if your DNS lookups come from the Internet at large because, in that instance, anyone in the world would be able to use your machine as an MX server without your knowledge or permission.

By default, only hosts listed in the access database Section 7. Note, however, that if your host is named something such as bob. When sendmail checks to see if a domain should be allowed to relay, it interprets each domain as a top-level domain.

As an alternative, you can have sendmail interpret each name as the literal name of a host. With this feature declared, sendmail will compare the sending host to the list of hosts, and to hosts looked up in the access database, on a host-by-host basis.

Another hostsay, hostB. Clearly this feature gives you more control over who can and cannot relay. It can be of value at a site that is populated by some network printers and some Unix machines.

Because this feature poses risk, the following warning will be printed each time you build with your mc configuration file:. The risk should be obvious.

That is, by declaring this feature, you are opening up your host to abuse by the entire world. Am i missing a configuration that will allow relaying from only the two trusted hosts? Any help will be greatly appreciated. Thanks KS. Join Date: May This line tells you where the email came from. I have no clue about 'lab'.

It is definitely not in my relay-domains. What could be wrong with the way that sendmail is setup. I am also researching this I did not understand what you meant by Do you mean the sendmail server?

Last edited by skotapal; at PM.. Sendmail relay failing. Hi Techies Bit new to sendmail thingy. I have a Solaris 10 box. There is a request generated by customer that they want Solaris 10 box to use as relay an external smtp server. Sendmail refuses to send via relay. Hi I have two realtively identical Solaris zones. They both appear to have the same config in relation to sendmail. But, when I send a test email using mailx the first one sends via a mail relay and the other sends via localhost.

I need them both to use the relay but can't figure out what is Red Hat. Hi Guys, I want to setup sendmail using my username and password on my ISP to be able to send out messages. I'm using Linux. So far, what I've done is modified the sendmail. Hi, I notice that my relay on sendmail. Mail that is forwarded arrives at the system addressed to the local host; it is forwarded only if the host is instructed to do so by the aliases database or the.

Mail that is relayed arrives at the system addressed to some other host; it is only relayed if sendmail is configured to allow relaying.

In the same way that sendmail must be configured to act as a mail relay, a system must be configured to use a mail relay. Any system running sendmail can directly deliver its own mail; sendmail does not depend on relays by default. However, there are a variety of different sendmail configurations that use relay servers:.