A mail relay is a system that resends mail that it receives. When mail that should be delivered by some other host arrives at the mail relay host, the system decides whether it should relay the mail. If relaying is allowed, the relay host sends the mail on to the destination address. If relaying is denied, a "Relaying denied" error message is returned to the sender. This chapter contains recipes that control when relaying is allowed or denied and recipes to configure a system to make use of a mail relay.

Relaying is different from forwarding. Mail that is forwarded arrives at the system addressed to the local host; it is forwarded only if the host is instructed to do so by the aliases database or the .forward file. Mail that is relayed arrives at the system addressed to some other host; it is only relayed if sendmail is configured to allow relaying.

In the same way that sendmail must be configured to act as a mail relay, a system must be configured to use a mail relay. Any system running sendmail can directly deliver its own mail; sendmail does not depend on relays by default. However, there are a variety of different sendmail configurations that use relay servers:
Mail is sent to the mail relay host via the SMTP relay mailer. The configuration of the relay mailer can be changed with the m4 macros RELAY_MAILER_ARGS, RELAY_MAILER_FLAGS, RELAY_MAILER_QGRP, and RELAY_MAILER_MAXMSG. sendmail can even be configured to use a different mailer for relaying by specifying a different mailer name with the confRELAY_MAILER define. However, changing the mailer name or fiddling with the relay mailer configuration is generally a bad idea because it creates an unnecessarily complex configuration that must be maintained. It is better to configure a mail relay host that is capable of handling standard SMTP mail than it is to create a custom mailer for every system that uses the relay host for the simple reason that there are fewer systems to maintain.

By default, sendmail does not relay mail; thus, a default sendmail system does not consider itself a mail relay. There is a good reason for this: relaying opens a system to the possibility of being abused by spammers. Spammers love to find a system that they can relay through in order to hide the true source of the spam mail. Everything you do to create a relay weakens this security. Therefore, care must be taken to use only those configuration tools that you really need to get the job done. Several features are available that turn a sendmail system into a mail relay:
Other than the relay_hosts_only feature, which works with the relay-domains file and the access database, the features listed above tend to reduce the amount of control the sendmail administrator has over relaying. Generally, a better way to enable relaying is by using the relay-domains file. Using the relay-domains file requires no special m4 configuration because sendmail reads this file by default. To use it, all you need to do is create a text file named relay-domains that contains a list of the domains for which relaying is allowed. Entries in the relay-domains file enable relaying to or from the domains listed in the file.

To have more control over the conditions under which relaying is approved, use the access database. The access database is not designed specifically for relaying; it has broader security applications. However, it can be used to control relaying as demonstrated in Recipe 3.10. For maximum security, use SMTP AUTH or STARTTLS to authenticate the hosts granted relay privileges. Chapter 7 and Chapter 8 cover these security protocols.

Because spammers may abuse a mail relay, special care should be taken to thoroughly test the relay configuration. If your server fails any of the tests, adjust the configuration to close the security hole. No tests are infallible, but they do provide clear indications of possible configuration problems.
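The matching behind the relay-domains file and relay_hosts_only, as an added example that is not from the book or from sendmail itself: a simplified Python model in which a listed name covers every host beneath it, unless relay_hosts_only is modelled, in which case only exact host names match. The sample file contents, the function names, and the omission of IP entries and the access database are assumptions of this sketch.

```python
# Added illustration: simplified model of relay-domains matching.
# Not sendmail code; IP/network entries and the access database are omitted.

# Constructed sample relay-domains content, one name per line.
SAMPLE_RELAY_DOMAINS = "example.com\n\npartner.example.net\n"


def load_relay_domains(text):
    """Return the set of lower-cased entries, skipping blank lines."""
    return {line.strip().lower().rstrip(".")
            for line in text.splitlines() if line.strip()}


def in_relay_class(host, entries, hosts_only=False):
    """True if host matches an entry.

    hosts_only=False: an entry covers the name itself and every host beneath it.
    hosts_only=True: models relay_hosts_only, exact host name match only.
    """
    host = host.lower().rstrip(".")
    if host in entries:
        return True
    if hosts_only:
        return False
    # Compare on label boundaries so the entry "example.com" does not
    # cover the unrelated name "badexample.com".
    labels = host.split(".")
    return any(".".join(labels[i:]) in entries for i in range(1, len(labels)))


def relay_allowed(client_host, rcpt_domain, entries, hosts_only=False):
    """Approve relaying when mail goes to, or comes from, a listed name."""
    return (in_relay_class(rcpt_domain, entries, hosts_only)
            or in_relay_class(client_host, entries, hosts_only))


if __name__ == "__main__":
    entries = load_relay_domains(SAMPLE_RELAY_DOMAINS)
    cases = [("mail.example.com", "other.org"),   # listed domain relays out
             ("spam.invalid", "example.com"),     # anyone may send to listed name
             ("spam.invalid", "badexample.com"),  # look-alike is not covered
             ("spam.invalid", "other.org")]       # open-relay attempt
    for client, rcpt in cases:
        for hosts_only in (False, True):
            ok = relay_allowed(client, rcpt, entries, hosts_only)
            print(f"{client} -> {rcpt} hosts_only={hosts_only}: "
                  f"{'relay' if ok else 'Relaying denied'}")
```

With the exact-match mode on, a host such as mail.example.com stops being covered by the example.com entry, which is the tighter control the text attributes to relay_hosts_only.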