> > Sendmail doesn't have any authentication support built in; you can
> > only control relaying by IP address (or by the hostname to which the
> > IP address resolves).
> >
> > If this is sufficient, I can provide details on sendmail's relay
> > control files (please state which version of sendmail you are using,
> > and whether its the standard distribution or RedHat's package).
>
> I am using sendmail 8.9.1, I am not sure if it is the standard
> distribution because I have not installed it, and have no idea if it was
> changed.
sendmail 8.9.1 should perform access control using the file
/etc/mail/relay-domains. This file should contain hostnames and/or IP
addresses, one per line. Unless sendmail.cf was built with
FEATURE(relay_hosts_only), you can specify partial hostnames or IP
addresses to match entire domains or networks respectively.
sendmail will accept mail if any of the following are true:
a) The recipient's domain is in class w (e.g it is in the sendmail.cw
file, or corresponds to the IP address of a local interface).
b) The recipient's domain is listed in the relay-domains file.
c) The mail was sent from the local host (rather than being received
via SMTP).
d) The sender's IP address matches an entry in the relay-domains file.
e) The sender's hostname (obtained by performing a reverse DNS lookup)
matches an entry in the relay-domains file.
> What other options/alternatives do I have to be able to authenticate
> users (name and password) when they relay emails from the internet. I
> would like to have my local users on my machine to be able to relay
> email through the internet.
The other options are to either:
a) Add support for the ESMTP authentication option to sendmail. This
could be a fair bit of work, and users would have to use a mail client
which supports it.
b) Provide some mechanism whereby valid users can add their IP address
to a list of approved IP addresses (e.g. the POP before SMTP options
which David suggested).
One complication with b) is that the relay-domains file is only read
by the sendmail daemon at startup, or when it receives a SIGHUP. If
the access list is likely to be updated frequently, you would need to
modify sendmail.cf to use some form of (dynamically consultable) map
(e.g. `$(host ...)') instead of a class file.
-- Glynn Clements <glynn@sensei.co.uk> - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu