From owner-freebsd-questions  Mon Feb  4 11:23:31 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail6.speakeasy.net (mail6.speakeasy.net [216.254.0.206])
	by hub.freebsd.org (Postfix) with ESMTP id 0A6F037B485
	for <questions@freebsd.org>; Mon,  4 Feb 2002 11:23:16 -0800 (PST)
Received: (qmail 26465 invoked from network); 4 Feb 2002 19:23:15 -0000
Received: from unknown (HELO z5w4q9) ([216.27.132.29]) (envelope-sender <jasonc@concentric.net>)
          by mail6.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <questions@freebsd.org>; 4 Feb 2002 19:23:15 -0000
Message-ID: <009601c1adb1$354c6420$1d841bd8@kibserv.org>
From: "Jason Cribbins" <jasonc@concentric.net>
To: <questions@freebsd.org>
Subject: sendmail will not relay for local domain
Date: Mon, 4 Feb 2002 14:21:17 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Disposition-Notification-To: "Jason Cribbins" <jasonc@concentric.net>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I am unable to relay based on domain name checks.  I would rather relay
based on domain name because the dns zone master resides and I want to
restrict relaying to the 16 IP address block we are assigned.  If I use
xxx.xxx.xxx then I am opening sendmail up to 240 or so IPs that I do not
control.

I have FreeBSD 4.3 loaded and I am using the send mail that shipped with the
product as well as named.

my access file looks like this:
...comments
kibserv.org      RELAY
dish500.info    RELAY

Both kibserv.org and dish500.info master zones are hosted on the same
machine as sendmail So there if some one is able to break in and use named
to spoof sendmail they might as well use sendmail locally.  It doesn't get
more secure than that.

But the trouble is that I cannot get it to relay any traffic.  It gives the
following message from OE6:
The message could not be sent because one of the recipients was rejected by
the server. The rejected e-mail address was 'kib@mediaone.net'. Subject
'test', Account: 'Concentric', Server: 'mail.kibserv.org', Protocol: SMTP,
Server Response: '550 5.7.1 <kib@mediaone.net>... Relaying denied. IP name
possibly forged [216.27.132.29]', Port: 25, Secure(SSL): No, Server Error:
550, Error Number: 0x800CCC79

nslookup for 216.27.132.29 is as follows:
Server:  localhost
Address:  127.0.0.1

Name:    dyn-29.kibserv.org
Address:  216.27.132.29

If the dyn-29 throwing it off somehow?  Everything here will be done using
dhcp.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message