Posted on 11/23/2004 4:33 pm in FreeBSD
I learned an important lesson today. Sendmail includes and access configuration file. In order for it to accept mail for a domain so that it can forward it on (which is necessary for us at my work to pass things to the Exchange server), it has to have the domain name in the access file. However, if you just put the domain name in the file, people can use your server and send spoofed mail as if it's from one of the users of that domain name. You have to include a To:domainname RELAY on the line instead of just domainname RELAY. I tightened down the security on my servers a little bit this way today. It should help with some of the spam problem.