Re: Setting up postfix problems

2009-07-15 Thread Ralf Hildebrandt
* proph...@vizion.occoxmail.com :
> Hi
> 
> I am comparatively new to postfix and seem unable to get my 
> configuration correct to ensure there are no open relays. 
> For obvious reasons I am not posting from the network 
> concerned! I set out below
> 1. Details of test with abuse.net
> 2. maillog entries for the test
> 3. network requirements for the server
> 4. entries in main.cf
>  
> 1. A test with abuse.net produces the following:
> 
> <<< 220 xxx.x.tld ESMTP Postfix (2.6.2)
> >>> HELO www.abuse.net
> <<< 250 xxx.x.tld
> Relay test 1
> 
> >>> RSET
> <<< 250 2.0.0 Ok
> >>> MAIL FROM:
> <<< 250 2.1.0 Ok
> >>> RCPT TO:
> <<< 250 2.1.5 Ok
> >>> DATA
> <<< 354 End data with .
> >>> (message body)
> <<< 250 2.0.0 Ok: queued as 15F7234D421
> 
> A report was received indicating an open relay
> 
> 2. The Maillog entry (abbreviated) shows:
> date time postfix/smptd[] connect from verify.abuse.net
>[] 15F7234D421 
> client=verify.abuse.net
>  /cleanup[] 15F7234D421 message-
> id=  /qmgr[]   15F7234D421 from 
> =,size =1125, ncrpt=1 (queue active)
>  /local [] 15F7234D421 
> to=, relay = local,delay=0.41,delays 
> =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)

It was delivered locally, thus no relay


-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Re: Setting up postfix problems

2009-07-14 Thread prophoto

> 
> From: Brian Evans - Postfix List 
> Date: 2009/07/14 Tue PM 04:14:41 EDT
> To: postfix-users@postfix.org
> Subject: Re: Setting up postfix problems
> 
> proph...@vizion.occoxmail.com wrote:
> > Hi
> >
> > I am comparatively new to postfix and seem unable to get my
> > configuration correct to ensure there are no open relays.
> > For obvious reasons I am not posting from the network 
> > concerned! I set out below
> > 1. Details of test with abuse.net
> > 2. maillog entries for the test
> > 3. network requirements for the server
> > 4. entries in main.cf
> >  
> > 1. A test with abuse.net produces the following:
> >
> > A report was received indicating an open relay
> >
> >   
> I see no relay:
> grkni...@mx1 ~ $ telnet dns1.vizion2000.net 25
> Trying 77.99.36.42...
> Connected to dns1.vizion2000.net.
> Escape character is '^]'.
> 220 dns1.vizion2000.net ESMTP Postfix (2.6.2)
> EHLO example.com
> 250-dns1.vizion2000.net
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> MAIL FROM:
> 250 2.1.0 Ok
> RCPT TO:
> 554 5.7.1 : Relay access denied
> RCPT TO:
> 550 5.1.1 : Recipient address rejected: User
> unknown in local recipient table
> QUIT
> 221 2.0.0 Bye
> 
> 
> 
Thanks I think you are right - it looks as though the 
abuse.net test gave a false positive

David

David Southwell ARPS
Photographic Artist
Permanent Installations and Design



Re: Setting up postfix problems

2009-07-14 Thread Brian Evans - Postfix List
proph...@vizion.occoxmail.com wrote:
> Hi
>
> I am comparatively new to postfix and seem unable to get my 
> configuration correct to ensure there are no open relays. 
> For obvious reasons I am not posting from the network 
> concerned! I set out below
> 1. Details of test with abuse.net
> 2. maillog entries for the test
> 3. network requirements for the server
> 4. entries in main.cf
>  
> 1. A test with abuse.net produces the following:
>
> A report was received indicating an open relay
>
>   
I see no relay:
grkni...@mx1 ~ $ telnet dns1.vizion2000.net 25
Trying 77.99.36.42...
Connected to dns1.vizion2000.net.
Escape character is '^]'.
220 dns1.vizion2000.net ESMTP Postfix (2.6.2)
EHLO example.com
250-dns1.vizion2000.net
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
554 5.7.1 : Relay access denied
RCPT TO:
550 5.1.1 : Recipient address rejected: User
unknown in local recipient table
QUIT
221 2.0.0 Bye




Re: Setting up postfix problems

2009-07-14 Thread Aaron Wolfe
On Tue, Jul 14, 2009 at 2:28 PM,  wrote:
> Hi
>
> I am comparatively new to postfix and seem unable to get my
> configuration correct to ensure there are no open relays.
> For obvious reasons I am not posting from the network
> concerned! I set out below
> 1. Details of test with abuse.net
> 2. maillog entries for the test
> 3. network requirements for the server
> 4. entries in main.cf
>
> 1. A test with abuse.net produces the following:
>
> <<< 220 xxx.x.tld ESMTP Postfix (2.6.2)
> >>> HELO www.abuse.net
> <<< 250 xxx.x.tld
> Relay test 1
>
> >>> RSET
> <<< 250 2.0.0 Ok
> >>> MAIL FROM:
> <<< 250 2.1.0 Ok
> >>> RCPT TO:
> <<< 250 2.1.5 Ok
> >>> DATA
> <<< 354 End data with .
> >>> (message body)
> <<< 250 2.0.0 Ok: queued as 15F7234D421
>
> A report was received indicating an open relay
>
> 2. The Maillog entry (abbreviated) shows:
> date time postfix/smptd[] connect from verify.abuse.net
>                       [] 15F7234D421
> client=verify.abuse.net
>                 /cleanup[] 15F7234D421 message-
> id=                 /qmgr[]   15F7234D421 from
> =,size =1125, ncrpt=1 (queue active)
>                 /local [] 15F7234D421
> to=, relay = local,delay=0.41,delays
> =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
>                 /qmgr []  15F7234D421 removed
>                 /smptd [] disconnect from
> verify.abuse.net[IP]
>

this seems to show the test message being delivered to a local
mailbox.  if you are testing relay using an address that the server
should accept mail for, and it accepts it, that is not an open relay.
that is a mail server accepting mail as it should.   what matters is
how the server behaves when you try to deliver to a non local
recipient.   unless I am just missing something, I think you're doing
the test wrong.


> 3. The mail server is freebsd 7.2 and intended to be the
> primary mail server for a small local network for its own
> domain and supports mail for multiple virtual domains. The
> virtual domains are specified in virtual_alias_domains. The
> server also runs qpopper to provide pop3 service to the
> local network.
>
> 4. Entries from main.cf
> relay_domains = $mydestination [mydomain].tld
> smptd_recipent_restrictions = permit_mynetworks,
> reject_unauth_destinations
> ###
> ### NOTE I tried adding
> ### { smptd_client_restrictions = permit_mynetworks, reject}
> ### WHICH solved the open relay problem but hardly any mail
> got through from the internet!!!
> smptd_sender_restrictions = reject_unknown_sender_domain
> smptd_sender_restrictions = reject_non_fqdn_sender
> smptd_helo_required = yes
> smptd_helo_restrictions = reject_invalid_hostname
> smptd_helo_restrictions = reject_non_fqdn_hostname
>
> mynetworks_style = subnet
>
> If anyone could point me in the right direction I would be
> most obliged
>
> Thanks in advance
>
> David
>
> David Southwell ARPS
> Photographic Artist
> Permanent Installations and Design
>
>
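
Added example, not part of the thread: the maillog check that Ralf Hildebrandt and Aaron Wolfe do by eye in their replies (was the queue ID handed to the local delivery agent, or sent on to another host?), written as a Python log classifier. The log lines are constructed; only queue ID 15F7234D421 and the mynetworks values come from the thread, and `classify` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import defaultdict

# mynetworks as shown in the thread's postconf -n output.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.15.0/24", "127.0.0.0/8")]

# Constructed sample lines in Postfix syslog format (hosts, PIDs, addresses
# and the last two queue IDs are made up for this example).
SAMPLE_LOG = """\
Jul 14 14:30:01 dns1 postfix/smtpd[1234]: 15F7234D421: client=verify.abuse.net[192.0.2.10]
Jul 14 14:30:01 dns1 postfix/local[1240]: 15F7234D421: to=<user@example.net>, relay=local, delay=0.41, delays=0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Jul 14 14:31:07 dns1 postfix/smtpd[1234]: 9A1B2C3D4E5: client=unknown[198.51.100.23]
Jul 14 14:31:08 dns1 postfix/smtp[1251]: 9A1B2C3D4E5: to=<someone@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=1.2, delays=0.2/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 14 14:32:00 dns1 postfix/smtpd[1234]: 77C0FFEE001: client=pc7.lan[192.168.15.20]
Jul 14 14:32:01 dns1 postfix/smtp[1251]: 77C0FFEE001: to=<friend@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

LINE = re.compile(r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
CLIENT = re.compile(r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\]")
DELIVERY = re.compile(r"to=<(?P<to>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+)")

def classify(log_text, mynetworks=MYNETWORKS):
    """Return {queue_id: verdict} for every message received via smtpd."""
    clients, deliveries = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c = CLIENT.match(m["rest"])
        d = DELIVERY.match(m["rest"])
        if m["agent"] == "smtpd" and c:
            clients[m["qid"]] = ipaddress.ip_address(c["ip"])
        elif d and d["status"] == "sent":
            deliveries[m["qid"]].append((m["agent"], d["relay"]))
    verdicts = {}
    for qid, ip in clients.items():
        trusted = any(ip in net for net in mynetworks)
        # Simplification: only the smtp client agent counts as "left this host".
        forwarded = any(agent == "smtp" for agent, _ in deliveries[qid])
        if not forwarded:
            verdicts[qid] = "local delivery"
        elif trusted:
            verdicts[qid] = "relayed for mynetworks client"
        else:
            verdicts[qid] = "RELAYED FOR UNTRUSTED CLIENT"
    return verdicts
```

Only the last verdict would indicate an open relay; the abuse.net test message in the thread falls in the first category.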


Re: Re: Setting up postfix problems

2009-07-14 Thread prophoto

> 
> From: mouss 
> Date: 2009/07/14 Tue PM 03:40:14 EDT
> To: postfix-users@postfix.org
> Subject: Re: Setting up postfix problems
> 
> proph...@vizion.occoxmail.com a écrit :
> > dns1# postconf -n 
> > alias_maps = hash:/etc/aliases
> > command_directory = /usr/local/sbin   
> > config_directory = /usr/local/etc/postfix 
> > daemon_directory = /usr/local/libexec/postfix 
> > data_directory = /var/db/postfix  
> > debug_peer_level = 2  
> > html_directory = no
> > inet_interfaces = all
> > mail_owner = postfix
> > mail_spool_directory = /var/mail
> > mailq_path = /usr/local/bin/mailq
> > manpage_directory = /usr/local/man
> > mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
> > mydomain = vizion2000.net
> > myhostname = dns1.vizion2000.net
> > mynetworks = 192.168.15.0/24,  127.0.0.0/8
> > mynetworks_style = subnet
> > myorigin = $mydomain
> > newaliases_path = /usr/local/bin/newaliases
> > proxy_interfaces = dns1.vizion2000.net
> > queue_directory = /var/spool/postfix
> > readme_directory = no
> > relay_domains = $mydestination
> 
> This is the (old) compatibility default. set
> relay_domains =
> (empty value).
> 
> > relay_recipient_maps = 
> > hash:/usr/local/etc/postfix/relay_recipients
> > sample_directory = /usr/local/etc/postfix
> > sendmail_path = /usr/local/sbin/sendmail
> > setgid_group = maildrop
> > smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> > smtpd_helo_required = yes
> > smtpd_recipient_restrictions = permit_mynetworks, 
> > reject_unauth_destination
> 
> with this configuration, you are not an open relay.
> 
> > unknown_local_recipient_reject_code = 550
> > virtual_alias_domains = workplacemassage.co.uk, atf4.com,
> > methuselaproject.org, methuselaproject.com, tiptogo.com,
> > virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
> > 
> 
Tried that but still get the same open relay on test from 
abuse.net

David Southwell ARPS
Photographic Artist
Permanent Installations and Design



Re: Setting up postfix problems

2009-07-14 Thread mouss
proph...@vizion.occoxmail.com a écrit :
> dns1# postconf -n 
> alias_maps = hash:/etc/aliases
> command_directory = /usr/local/sbin   
> config_directory = /usr/local/etc/postfix 
> daemon_directory = /usr/local/libexec/postfix 
> data_directory = /var/db/postfix  
> debug_peer_level = 2  
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
> mydomain = vizion2000.net
> myhostname = dns1.vizion2000.net
> mynetworks = 192.168.15.0/24,  127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> proxy_interfaces = dns1.vizion2000.net
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains = $mydestination

This is the (old) compatibility default. set
relay_domains =
(empty value).

> relay_recipient_maps = 
> hash:/usr/local/etc/postfix/relay_recipients
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks, 
> reject_unauth_destination

with this configuration, you are not an open relay.

> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = workplacemassage.co.uk, atf4.com, 
> methuselaproject.org, methuselaproject.com, tiptogo.com,
> virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
> 
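
Added example, not part of the thread and not Postfix source code: a simplified Python model of the `permit_mynetworks, reject_unauth_destination` decision, run against the values from the `postconf -n` output above, showing what changes when `relay_domains` is emptied as mouss suggests. The probe recipients are constructed, `expand`, `rcpt_decision` and `compare` are hypothetical names, and the model assumes the default `parent_domain_matches_subdomains` behaviour while ignoring address literals and recipient-table lookups.

```python
import re

# Values copied from the postconf -n output in the thread.
CONF = {
    "mydomain": "vizion2000.net",
    "myhostname": "dns1.vizion2000.net",
    "mydestination": "$mydomain, $myhostname, dns1.$mydomain, dns1",
    "relay_domains": "$mydestination",
    "virtual_alias_domains": "workplacemassage.co.uk, atf4.com, "
                             "methuselaproject.org, methuselaproject.com, tiptogo.com,",
}

def expand(name, conf):
    """Expand $param references in conf[name] and split the list value."""
    raw = re.sub(r"\$(\w+)",
                 lambda m: ", ".join(expand(m[1], conf)), conf.get(name, ""))
    return [v.lower() for v in re.split(r"[,\s]+", raw) if v]

def rcpt_decision(rcpt, conf, client_trusted=False):
    """Simplified model of: permit_mynetworks, reject_unauth_destination."""
    if client_trusted:
        return "permit (mynetworks)"
    domain = rcpt.rsplit("@", 1)[-1].lower()
    final = expand("mydestination", conf) + expand("virtual_alias_domains", conf)
    if domain in final:
        return "accept (final destination)"
    # relay_domains also matches subdomains of each listed domain under
    # the default parent_domain_matches_subdomains setting.
    for rd in expand("relay_domains", conf):
        if domain == rd or domain.endswith("." + rd):
            return "accept (relay destination)"
    return "554 5.7.1 Relay access denied"

def compare(rcpts, conf):
    """Decision per recipient: (posted relay_domains, relay_domains emptied)."""
    hardened = dict(conf, relay_domains="")
    return {r: (rcpt_decision(r, conf), rcpt_decision(r, hardened)) for r in rcpts}

# Constructed probe recipients (example.com is not hosted on this server).
PROBES = ["postmaster@vizion2000.net", "x@atf4.com",
          "x@host.vizion2000.net", "x@example.com"]
```

`compare(PROBES, CONF)` differs between the two settings only for the subdomain recipient; the foreign domain is refused either way, and a probe addressed to a hosted domain is accepted either way.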


re: Setting up postfix problems

2009-07-14 Thread prophoto
dns1# postconf -n 
alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin   
config_directory = /usr/local/etc/postfix 
daemon_directory = /usr/local/libexec/postfix 
data_directory = /var/db/postfix  
debug_peer_level = 2  
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname, dns1.$mydomain, dns1
mydomain = vizion2000.net
myhostname = dns1.vizion2000.net
mynetworks = 192.168.15.0/24,  127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
proxy_interfaces = dns1.vizion2000.net
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
relay_recipient_maps = 
hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination
unknown_local_recipient_reject_code = 550
virtual_alias_domains = workplacemassage.co.uk, atf4.com, 
methuselaproject.org, methuselaproject.com, tiptogo.com,
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual,
dns1#


David Southwell ARPS
Photographic Artist
Permanent Installations and Design



Re: Setting up postfix problems

2009-07-14 Thread Terry Carmen
> I am comparatively new to postfix and seem unable to get my
> configuration correct to ensure there are no open relays.
> For obvious reasons I am not posting from the network
> concerned! I set out below
> 1. Details of test with abuse.net
> 2. maillog entries for the test
> 3. network requirements for the server
> 4. entries in main.cf
>

Post the output from postconf -n.

Terry




Setting up postfix problems

2009-07-14 Thread prophoto
Hi

I am comparatively new to postfix and seem unable to get my 
configuration correct to ensure there are no open relays. 
For obvious reasons I am not posting from the network 
concerned! I set out below
1. Details of test with abuse.net
2. maillog entries for the test
3. network requirements for the server
4. entries in main.cf
 
1. A test with abuse.net produces the following:

<<< 220 xxx.x.tld ESMTP Postfix (2.6.2)
>>> HELO www.abuse.net
<<< 250 xxx.x.tld
Relay test 1

>>> RSET
<<< 250 2.0.0 Ok
>>> MAIL FROM:
<<< 250 2.1.0 Ok
>>> RCPT TO:
<<< 250 2.1.5 Ok
>>> DATA
<<< 354 End data with .
>>> (message body)
<<< 250 2.0.0 Ok: queued as 15F7234D421

A report was received indicating an open relay

2. The Maillog entry (abbreviated) shows:
date time postfix/smptd[] connect from verify.abuse.net
   [] 15F7234D421 
client=verify.abuse.net
 /cleanup[] 15F7234D421 message-
id=,size =1125, ncrpt=1 (queue active)
 /local [] 15F7234D421 
to=, relay = local,delay=0.41,delays 
=0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
 /qmgr []  15F7234D421 removed
 /smptd [] disconnect from 
verify.abuse.net[IP]

3. The mail server is freebsd 7.2 and intended to be the 
primary mail server for a small local network for its own 
domain and supports mail for multiple virtual domains. The 
virtual domains are specified in virtual_alias_domains. The 
server also runs qpopper to provide pop3 service to the 
local network. 

4. Entries from main.cf
relay_domains = $mydestination [mydomain].tld
smptd_recipent_restrictions = permit_mynetworks, 
reject_unauth_destinations
###
### NOTE I tried adding
### { smptd_client_restrictions = permit_mynetworks, reject}
### WHICH solved the open relay problem but hardly any mail 
got through from the internet!!!
smptd_sender_restrictions = reject_unknown_sender_domain
smptd_sender_restrictions = reject_non_fqdn_sender
smptd_helo_required = yes
smptd_helo_restrictions = reject_invalid_hostname
smptd_helo_restrictions = reject_non_fqdn_hostname

mynetworks_style = subnet

If anyone could point me in the right direction I would be 
most obliged

Thanks in advance

David

David Southwell ARPS
Photographic Artist
Permanent Installations and Design