F{LocalIP} /etc/mail/localIP

containing the IP network numbers for the hosts you will allow to relay through your mail server, for example

127.0.0
192.168.1
192.168.2

If you relay mail for other systems, also use:

F{RelayTo} -o /etc/mail/RelayTo

Here is the ruleset:

Scheck_rcpt
R$+			$: $>3 $1
R$+			$: $(dequote $1 $)
R$-			$@ ok			to here
R$* % $*		$: relay attempt
R$* @ $* < @ $* . >	$: relay attempt
R$+ < @ $=w . >		$@ ok			to here
R$+ < @ $={RelayTo} . >	$@ ok			allow relay to there
R$+			$: $(dequote "" $&{client_addr} $)
R0			$@ ok			client_addr is 0 for sendmail -bs
R$={LocalIP}.$*		$@ ok			from here
R$*			$#error $@ 5.7.1 $: "571 we do not support relaying"

It uses the client address to check for relaying. Moreover, it also tries to detect addresses of the form:

foo%bar.com@relay.com
@relay.com:foo@bar.com

Note: there is a problem with these rules! But for every problem, there should be a solution.

Of course you can modify these rules so you don't have to list all subdomains you handle. For instance,

R$+ < @ $*$=w . >		$@ ok			to here
R$+ < @ $*$={RelayTo} . >	$@ ok			allow relay to there

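The decision order of the client-address ruleset above, as an added Python model (not sendmail code and not part of the original page). It skips ruleset 3 canonicalization, treats `$-` as a simple one-word test, and uses constructed values for `$=w` and RelayTo (`example.org`, `partner.example`); the LocalIP entries are the page's sample.

```python
import re

REJECT = "571 we do not support relaying"
LOCAL_DOMAINS = {"example.org"}      # stands in for class $=w (constructed)
RELAY_TO = {"partner.example"}       # stands in for /etc/mail/RelayTo (constructed)
LOCAL_IP = {"127.0.0", "192.168.1", "192.168.2"}  # sample localIP entries from the page


def ip_in_local_class(client_addr, nets=LOCAL_IP):
    """Model R$={LocalIP}.$*: an entry must match whole dot-separated tokens
    and be followed by a dot, so 192.168.1 does not cover 192.168.10.x."""
    octets = client_addr.split(".")
    return any(".".join(octets[:n]) in nets for n in range(1, len(octets)))


def looks_like_relay_attempt(rcpt):
    """Model the two 'relay attempt' rules: a % anywhere, or an @ left of
    the final @host part (route address)."""
    local = rcpt.rpartition("@")[0]
    return "%" in rcpt or "@" in local


def check_rcpt(rcpt, client_addr):
    """Return 'ok' or the rejection text, following the ruleset's order."""
    rcpt = rcpt.strip("<>").lower()
    if re.fullmatch(r"[\w-]+", rcpt):          # R$-: unqualified, one token (simplified)
        return "ok"
    if not looks_like_relay_attempt(rcpt):     # flagged addresses skip the domain rules
        domain = rcpt.rpartition("@")[2]
        if domain in LOCAL_DOMAINS or domain in RELAY_TO:
            return "ok"
    # Everything else is decided by the connecting client's address.
    if client_addr == "0" or ip_in_local_class(client_addr):  # 0: sendmail -bs
        return "ok"
    return REJECT


if __name__ == "__main__":
    outside, inside = "203.0.113.9", "192.168.1.7"   # constructed client addresses
    for rcpt, client in [("user@example.org", outside),
                         ("foo%bar.com@example.org", outside),
                         ("@example.org:foo@bar.com", outside),
                         ("foo@bar.com", inside),
                         ("foo@bar.com", "192.168.10.7")]:
        print(f"{client:>13}  {rcpt:<26} -> {check_rcpt(rcpt, client)}")
```

The last sample shows why the match is token-wise: a plain string-prefix test on `192.168.1` would also accept `192.168.10.7`.
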
F{LocalNames} /etc/mail/LocalNames

containing the names for the hosts you will allow to relay through your mail server, for example

uni-kiel.de
geomar.de

However, this is subject to DNS spoofing, so it may be better to use IP addresses.

Scheck_rcpt
R$+			$: $>3 $1
R$+			$: $(dequote $1 $)
R$-			$@ ok			to here
R$* % $*		$: relay attempt
R$* @ $* < @ $* . >	$: relay attempt
R$+ < @ $=w . >		$@ ok			to here
R$+ < @ $={RelayTo} . >	$@ ok			allow relay to there
R$+			$: $(dequote "" $&{client_name} $)
R$-			$@ ok			local names (unqualified)
R$*$={LocalNames}	$@ ok			from here
R$*			$#error $@ 5.7.1 $: "571 we do not support relaying"