-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bruno Prior wrote: > My ISP has just pointed out to me that I was running an open relay, > which is highly embarrassing. I have been running postfix without > causing a problem until I switched to an ADSL connection. The notes in > postfix/main.cf seem to make it pretty clear what the problem is: my > ISP's subnet had been added as a trusted subnet, as ADSL counts as a > dialup connection, which meant that anyone on their network could relay > through my mail server.
But, who added that? > Obviously, the fault is principally mine, for not being more careful > when I set ADSL up - the information is all there if you look for it. > But I was wondering how many people would look for it. Because, if you > setup ADSL using drakconnect, you wouldn't have a clue you needed to > edit main.cf to prevent this. drakconnect doesn't touch main.cf > Would it be a good idea to either enhance > drakconnect to make this change automatically (if you could figure out a > sensible way to deduce the appropriate list of trusted clients), or at > least flag up a warning, to stop other people making this mistake? By default, the important postfix settings are: $ cp /etc/postfix/main.cf.rpmnew /tmp/main.cf $ /usr/sbin/postconf -c /tmp mynetworks inet_interfaces relay_domains mydestination mynetworks = 127.0.0.0/8 inet_interfaces = localhost relay_domains = $mydestination mydestination = $myhostname, localhost.$mydomain So, by default you shouldn't even be able to get a connection to postfix unless you have manually changed mynetworks, or used some tool which does so. drakconnect can't take responsibility for every single possible configuration that may depend on it's settings. Ideally we need a configuration tool which can find such issues, but it's not drakconnect, and it needs to be very user friendly (and not do things automatically). But I don't think this is your problem. Maybe if you can try and find out what had changed any of the important settings, we can take a look, but I don't see how either the default postfix config or drakconnect are responsible. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/nToxrJK6UGDSBKcRApT5AKCZpIZPhXPWX5mfJLWJKvThBlbpKgCcDZ2r RrYeCWK18OGb38ucwuW1pEk= =ZyXe -----END PGP SIGNATURE-----
