by Don » Oct 02 03 7:02 am
Thank you for your responses. First, I’d like to editorialize a bit. The problems I see in the computer industry are becoming very consistent from product to product. As we get more demanding in what we attempt to do we tend to get focused .. and then we get divided: The camp of people that live and BREATHE the product versus the ones that merely use it. The most perfect example is SENDMAIL. If you KNOW sendmail like the back of your hand … everything it does is simple, straightforward and easy. But if you DON’T …. it’s just a quagmire. I pity the Sysadmin that one day, out of the blue, needs to know how to fix something in Sendmail and tries to learn it merely by reading the RFC. In all of these cases, I am in the latter camp rather than the former. Now … with that said …..
I support a number of systems that use Sendmail behind a firewall. The VERSION of Sendmail is 8.12 and for reasons that I don’t want to get into, porting a later version or moving the mailer to another system is NOT an option (don’t ask … it just isn’t). Needless to say, sendmail 8.12 is a spammer’s dream – it’s just about THE most open relay in the world. Wingate is the proxy …. and we attempt to use it as a spam filter as well. Now KEEPING in mind that I don’t live or breathe mailers, filters or firewalls, be advised that I just muddle through as best I can. (whew). OK. Now on to the actual situation.
Wingate SMTP has, in the general tab, an option for forwarding INBOUND to one place and OUTBOUND mail to another. The thing IS … the “interfaces” tab doesn’t have a method to identify which interface is IN and which is OUT. So when I allow Wingate to accept connections on ANY interface we become Spam Relay Central. My “fix” (if you can call it that) was to duplicate the SMTP services .. have one accept connections ONLY on the external IP and use the “forward option” under “general” to send to the sendmail system … then have another service that accepts connections ONLY on the internal connection and forward ONLY on the external IP. Now … this works .. BUT ……
If I uncheck the “forward outbound mail via ISP” box on the general tab of my OUTBOUND service …. mail goes NOWHERE.
Meanwhile … as a side note …. I have the “mail filter” on the inbound set up to reject all mail not addressed to “domain.com” (for example) and SPAM testing reveals that Wingate DOES reject requests addressed to “spam.com” (for example) .. but if the inbound mail system sends a Rcpt To: that is NULL, Wingate DOES pass the mail on to the internal sendmail program … which is too stupid to know that it’s about to be used as a spam relay.
I have been searching the net (in vain) for a mailer program that would accept mail (from anyone to anyone) until it got the “absolute, whole, FINAL” recipient and THEN decide if the mail is for us or not .. but nothing (in all of life, it seems) is that simple.
Now … with all that SAID …. I wouldn’t at ALL be opposed to PAYING someone to set up whatever I need to just GET this problem off my back.
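
The recipient check asked for in the post above, sketched as an added example (not part of the original post, and not Wingate or Sendmail code): a gateway-side decision that looks at the whole `RCPT TO` path and accepts only a plain mailbox in a local domain, so a null recipient is refused instead of being passed inward. The function name, the regular expressions and the sample lines are assumptions constructed for illustration; `domain.com` is the placeholder used in the post.

```python
import re

# Assumption: "domain.com" is the placeholder domain from the post.
LOCAL_DOMAINS = {"domain.com"}

# RCPT TO:<forward-path>, optionally followed by ESMTP parameters.
RCPT_LINE = re.compile(r"^RCPT\s+TO:\s*<([^<>]*)>(?:\s+\S+)*\s*$", re.IGNORECASE)
# Plain mailbox only: the local part may not contain routing characters
# (% ! @ :), so the address cannot name a second hop.
MAILBOX = re.compile(r"^[A-Za-z0-9._+=-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def relay_decision(line, local_domains=LOCAL_DOMAINS):
    """Return (accept, reason) for one RCPT TO command line."""
    m = RCPT_LINE.match(line.strip())
    if not m:
        return False, "syntax error in RCPT TO"
    path = m.group(1).strip()
    if not path:
        # The case from the post: an empty recipient must not fall through.
        return False, "null recipient"
    if path.startswith("@"):
        return False, "source route refused"
    mailbox = MAILBOX.match(path)
    if not mailbox:
        return False, "recipient is not a plain user@domain mailbox"
    if mailbox.group(1).lower() not in local_domains:
        return False, "relaying denied"
    return True, "local recipient"


if __name__ == "__main__":
    # Constructed sample commands, not captured traffic.
    for cmd in ("RCPT TO:<user@domain.com>",
                "RCPT TO:<user@spam.com>",
                "RCPT TO:<>",
                "rcpt to: <User@DOMAIN.COM> NOTIFY=NEVER"):
        print(cmd, "->", relay_decision(cmd))
```

The check fails closed: anything it cannot read as one mailbox in a local domain is rejected at the gateway, before the internal mailer sees it.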