On Tue, Jul 14, 2009 at 2:28 PM, <proph...@vizion.occoxmail.com> wrote:
> Hi
>
> I am comparatively new to postfix and seem unable to get my
> configuration correct to ensure there are no open relays.
> For obvious reasons I am not posting from the network
> concerned! I set out below
> 1. Details of test with abuse.net
> 2. maillog entries for the test
> 3. network requirements for the server
> 4. entries in main.cf
>
> 1. A test with abuse.net produces the following:
>
> <<< 220 xxx.xxxxx.tld ESMTP Postfix (2.6.2)
> >>> HELO www.abuse.net
> <<< 250 xxx.xxxxx.tld
> Relay test 1
> >>> RSET
> <<< 250 2.0.0 Ok
> >>> MAIL FROM:<spamt...@abuse.net>
> <<< 250 2.1.0 Ok
> >>> RCPT TO:<x...@xxxx.tld>
> <<< 250 2.1.5 Ok
> >>> DATA
> <<< 354 End data with <CR><LF>.<CR><LF>
> >>> (message body)
> <<< 250 2.0.0 Ok: queued as 15F7234D421
>
> A report was received indicating an open relay
>
> 2. The Maillog entry (abbreviated) shows:
> date time postfix/smptd[xxxx] connect from verify.abuse.net
> [xxxx] 15F7234D421
> client=verify.abuse.net
> /cleanup[xxxx] 15F7234D421 message-
> id=<rlytest-nnnn...@abuse.net
> /qmgr[xxxx] 15F7234D421 from
> =<spamt...@abuse.net>,size =1125, ncrpt=1 (queue active)
> /local [xxxx] 15F7234D421
> to=<x...@mydomain.tld>, relay = local,delay=0.41,delays
> =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
> /qmgr [xxxx] 15F7234D421 removed
> /smptd [xxxx] disconnect from
> verify.abuse.net[IP]
>

This seems to show the test message being delivered to a local mailbox. If you are testing relay using an address that the server should accept mail for, and it accepts it, that is not an open relay. That is a mail server accepting mail as it should. What matters is how the server behaves when you try to deliver to a non-local recipient. Unless I am just missing something, I think you're doing the test wrong.

> 3. The mail server is freebsd 7.2 and intended to be the
> primary mail server for a small local network for its own
> domain and supports mail for multiple virtual domains. The
> virtual domains are specified in virtual_alias_domains. The
> server also runs qpopper to provide pop3 service to the
> local network.
>
> 4. Entries from main.cf
> relay_domains = $mydestination [mydomain].tld
> smptd_recipent_restrictions = permit_mynetworks,
> reject_unauth_destinations
> ###
> ### NOTE I tried adding
> ### { smptd_client_restrictions = permit_mynetworks, reject}
> ### WHICH solved the open relay problem but hardly any mail
> got through from the internet!!!
> smptd_sender_restrictions = reject_unknown_sender_domain
> smptd_sender_restrictions = reject_non_fqdn_sender
> smptd_helo_required = yes
> smptd_helo_restrictions = reject_invalid_hostname
> smptd_helo_restrictions = reject_non_fqdn_hostname
>
> mynetworks_style = subnet
>
> If anyone could point me in the right direction I would be
> most obliged
>
> Thanks in advance
>
> David
>
> David Southwell ARPS
> Photographic Artist
> Permanent Installations and Design
>
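
The distinction drawn in the reply above, as an added example that is not part of the original thread: this Python script reads Postfix maillog lines and reports only mail that a client outside the trusted networks got the server to forward to another host, ignoring local deliveries like the one in the quoted log. The sample log lines, the 10.0.0.0/24 trusted network and the name find_relayed are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample maillog lines. The first entry is modelled on the delivery
# quoted in the thread; all IP addresses and the other entries are made up.
SAMPLE_LOG = """\
Jul 14 14:28:01 mx postfix/smtpd[2101]: 15F7234D421: client=verify.abuse.net[192.0.2.10]
Jul 14 14:28:01 mx postfix/qmgr[1990]: 15F7234D421: from=<tester@abuse.example>, size=1125, nrcpt=1 (queue active)
Jul 14 14:28:02 mx postfix/local[2105]: 15F7234D421: to=<user@mydomain.example>, relay=local, delay=0.41, delays=0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 14 14:30:11 mx postfix/smtpd[2110]: 2B6C134D455: client=unknown[203.0.113.50]
Jul 14 14:30:12 mx postfix/smtp[2114]: 2B6C134D455: to=<someone@elsewhere.example>, relay=mx.elsewhere.example[198.51.100.7]:25, delay=1.2, delays=0.3/0/0.4/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 14 14:31:40 mx postfix/smtpd[2120]: 3C7D234D466: client=pc1.lan.example[10.0.0.23]
Jul 14 14:31:41 mx postfix/smtp[2121]: 3C7D234D466: to=<friend@elsewhere.example>, relay=mx.elsewhere.example[198.51.100.7]:25, delay=0.9, delays=0.2/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

TRUSTED = [ipaddress.ip_network("10.0.0.0/24")]  # assumed value of mynetworks
LOCAL_TRANSPORTS = {"local", "virtual"}  # relay= values meaning delivery on this host

CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([^\]]+)\]")
DELIV_RE = re.compile(r": ([0-9A-F]+): to=<([^>]*)>,.*?relay=([^,\s]+),.*status=sent")


def find_relayed(log, trusted=TRUSTED):
    """Return (queue_id, client_ip, recipient, relay) for each message that an
    untrusted client got this server to forward to another host."""
    clients, hits = {}, []
    for line in log.splitlines():
        m = CLIENT_RE.search(line)
        if m:  # remember which client submitted this queue ID
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = DELIV_RE.search(line)
        if not m or m.group(1) not in clients:
            continue
        qid, rcpt, relay = m.groups()
        ip = clients[qid]
        if relay in LOCAL_TRANSPORTS or any(ip in net for net in trusted):
            continue  # delivered on this host, or the client is allowed to relay
        hits.append((qid, str(ip), rcpt, relay))
    return hits


if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG):
        print("relayed for untrusted client:", hit)
```

Only the second constructed message is reported: the first was delivered with relay=local, as in the quoted log, and the third came from inside the trusted network.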