How to make sendmail accept connections from localhost only

Solution 1

The following line in your m4 config generation file will cause sendmail to listen to port 25 only on 127.0.0.1:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
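
To confirm the change took effect after rebuilding the configuration and restarting sendmail, inspect the listening socket itself. This is an added example, not part of the original answer: it assumes `ss -ltn` output (iproute2) as input, and the function name `smtp_exposed_listeners` is hypothetical.

```shell
#!/bin/sh
# Added example: report TCP listeners on port 25 that are NOT bound to loopback.
# Input (stdin): output of `ss -ltn`; the header line is optional.
# Output: one exposed local address per line; exit status 1 if any were found.
# Note: a firewall DROP rule does not change this result, because the socket
# stays bound to 0.0.0.0 and is reachable again once the rule is flushed.
smtp_exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }                 # skip header and other states
        {
            local_addr = $4                     # "Local Address:Port" column
            if (!match(local_addr, /:[0-9]+$/)) next
            port = substr(local_addr, RSTART + 1)
            addr = substr(local_addr, 1, RSTART - 1)
            sub(/%.*$/, "", addr)               # drop a suffix such as %lo
            if (port != "25") next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: fine
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample (not captured from a real host): the default bind,
# as it would look before the DAEMON_OPTIONS line is applied.
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     0.0.0.0:25         0.0.0.0:*
LISTEN 0      10     127.0.0.1:587      0.0.0.0:*'

if exposed=$(printf '%s\n' "$sample" | smtp_exposed_listeners); then
    echo "port 25 is loopback-only"
else
    echo "port 25 is listening on: $exposed"
fi
```

On a live host, feed it real data with `ss -ltn | smtp_exposed_listeners`; after the change the only port 25 entry should be 127.0.0.1:25.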

Solution 2

I decided to do it in another way. Instead of trying to tune the sendmail-mta itself (which I did not succeed in) or recompiling it with the built-in options, I used a simple iptables rule:

iptables -A INPUT -i eth0 -p tcp --dport 25 -j DROP

This rule blocks all incoming connections on the eth0 interface. The connections to the lo interface remain untouched. Of course, this is not a solution by means of the sendmail-mta, but it turned out to be much simpler to solve this particular problem this way.

Author by

v_2e

Updated on September 18, 2022

Comments

  • v_2e
    v_2e almost 2 years

    I need to secure the server by making sendmail-mta accept only local connections (from localhost), so that any external (potential spam) connections are denied.

    I use Debian 7.0 currently.

  • Michael Hampton
    Michael Hampton over 10 years
    You're kidding, right?
  • v_2e
    v_2e over 10 years
    @MichaelHampton: No, not at all. This is really the way I decided to solve my problem. But is it wrong?
  • Michael Hampton
    Michael Hampton over 10 years
    It's kind of pointless, since the solution already given is so trivial. And, if your firewall gets dropped for some reason, you're back to being a potential spam relay.
  • v_2e
    v_2e over 10 years
    @MichaelHampton: Hm... Yes, you are right. If for some reason the firewall rule is not applied or flushed, it is pointless. I did not think of that. But as far as I understood from the previous answer, it requires recompiling the sendmail-mta daemon, doesn't it? But recompiling is not an easy way in my case. So is it the only real way to secure the mail-server? Thanks!
  • Michael Hampton
    Michael Hampton over 10 years
    No, you just edit the sendmail.mc file and rebuild that (with m4). This is basic Sendmail.
  • v_2e
    v_2e over 10 years
    @MichaelHampton: Oh, sorry. I misunderstood all of this from the very beginning. I just have never met such a way of configuration before. Now I see that indeed my "self-answer" is completely pointless. I will mark the previous as "accepted" instead, since now I use this way. Thank you!