[pfx] Re: Open relay clarification

2023-04-22 Thread Tyler Montney via Postfix-users
ent > addresses (this question pops up here once in a while). > > From traditional point of view an open relay is mail server that allows you > to relay non-local mail without authentication - you connect, send mail, > server will accept it and pass it to the recipient. > > The &

[pfx] Re: Open relay clarification

2023-04-19 Thread Matus UHLAR - fantomas via Postfix-users
a core failing. "Open relay" is the first thing that comes to mind; however, is it really an open relay? From traditional point of view an open relay is mail server that allows you to relay non-local mail without authentication - you connect, send mail, server will accept it and pass

[pfx] Re: Open relay clarification

2023-04-18 Thread Jaroslaw Rafa via Postfix-users
On 18.04.2023 at 12:11:06 Tyler Montney via Postfix-users wrote: > > - mail for all local domains coming in on port 25 should be accepted (of > > course considering all usual restrictions - the recipient exists, the > > sending IP is not on a blacklist etc.) > > > > - mail for all non-local

[pfx] Re: Open relay clarification

2023-04-18 Thread Tyler Montney via Postfix-users
n class. > > In the meaning above, yes. They are all hosted on that server, so they are > local. The "operational" difference between local and non-local is simple > for me: "Operational" is an acceptable way of distinguishing this. If the RFC made any reference to "

[pfx] Re: Open relay clarification

2023-04-18 Thread Jaroslaw Rafa via Postfix-users
On 17.04.2023 at 19:59:48 Tyler Montney via Postfix-users wrote: > And that's a definition I've been struggling with: What is *local* in > relation to SMTP? By "local", I mean here the domains for which that particular server is the final destination, ie. the mail delivered locally and the

[pfx] Re: Open relay clarification

2023-04-17 Thread Tyler Montney via Postfix-users
> One important information is missing here: on what port? Good catch. Port 25. > There should be no authentication on port 25 and all mail destined for local > domains should be accepted. > > There should be mandatory authentication on ports 465/587. > > As both acme.com and corley.com

[pfx] Re: Open relay clarification

2023-04-17 Thread Jaroslaw Rafa via Postfix-users
On 17.04.2023 at 14:49:11 Noel Jones via Postfix-users wrote: > Please keep replies on list. > > On 4/17/2023 2:16 PM, Tyler Montney wrote: > >I'll put it this way, since I'm struggling to word this: > > > >Provider A contains the following customers: > >Acme Corporation (acme.com

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
On 4/17/2023 3:59 PM, Tyler Montney via Postfix-users wrote: That is the purpose of this discussion, to determine what exactly this scenario presents. As stated above, Provider A is aware and believes it's acceptable. It is acceptable because their documentation has features which rely on it.

[pfx] Re: Open relay clarification

2023-04-17 Thread Tyler Montney via Postfix-users
> Please keep replies on list. >You've explained what's observable, but not why it's a problem. > Any random server on the internet can send to b...@corley.com without > authentication. The original sender may or may not authenticate to > *their* mail server, corley.com cannot control that. So corl

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
Please keep replies on list. On 4/17/2023 2:16 PM, Tyler Montney wrote: I'll put it this way, since I'm struggling to word this: Provider A contains the following customers: Acme Corporation (acme.com ) Corley Motors (corley.com ) Provider B contains the fol

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
On 4/17/2023 1:38 PM, Tyler Montney via Postfix-users wrote: I use a mail provider (Provider A) which has thousands of organizations. This provider allows unauthenticated SMTP to other organizations so long as they're using them as a provider (within their ecosystem). Of course, you cannot se

[pfx] Open relay clarification

2023-04-17 Thread Tyler Montney via Postfix-users
authentication. Mechanisms such as SPF or spam filtering certainly are effective here, but unauthenticated SMTP seems like a core failing. "Open relay" is the first thing that comes to mind; however, is it really an open relay? As mentioned, I cannot send from Provider A to Provider B. The scop

Re: Planning my migration: preventing open relay

2022-12-24 Thread Gerben Wierda
> On 24 Dec 2022, at 09:35, David Bürgin wrote: > > raf: >> On Fri, Dec 23, 2022 at 06:20:08PM +0100, Gerben Wierda >> wrote: >>> What is the best way to do this? Or is it too troublesome and should >>> I just use postfix outside of docker, installing it with apt? I would >>> rather like to hav

Re: Planning my migration: preventing open relay

2022-12-24 Thread David Bürgin
raf: > On Fri, Dec 23, 2022 at 06:20:08PM +0100, Gerben Wierda > wrote: > > What is the best way to do this? Or is it too troublesome and should > > I just use postfix outside of docker, installing it with apt? I would > > rather like to have a single (docker) deployment model which would > > mak

Re: Planning my migration: preventing open relay

2022-12-23 Thread raf
lients (black boxes) in my > network need to store credentials — and I don't trust them with > that. So, I'm preventing open relay with smtpd_relay_restrictions > > Here is the permissions structure (yes I know, there are some double > checks here) > > smtpd_helo_requi

Re: Planning my migration: preventing open relay

2022-12-23 Thread Jaroslaw Rafa
On 23.12.2022 at 18:20:08 Gerben Wierda wrote: > > I wonder how to do this if I am running postfix in a docker container, as > docker will translate everything to its internal docker network and > permit_mynetworks would be a problem. There's a thread going on on this list right now about

Planning my migration: preventing open relay

2022-12-23 Thread Gerben Wierda
, a lot is (subtly) different from macOS. I am still using permit_mynetworks in my settings because the alternative is that some untrustworthy clients (black boxes) in my network need to store credentials — and I don't trust them with that. So, I'm preventing open relay with smtpd_relay_r

Re: Nessus says I have an open relay

2021-11-10 Thread KSB
On 2021.11.09. 20:28, White, Daniel E. (GSFC-770.0)[NICS] wrote: This best matches my situation. I cannot guarantee that all of my "customers" can send mail authenticated and/or encrypted. I think I can trim down "mynetworks" Thanks for the responses. On 11/9/21, 12:00, "owner-postfix-us...@

Re: Nessus says I have an open relay

2021-11-09 Thread Wietse Venema
White, Daniel E. (GSFC-770.0)[NICS]: > This best matches my situation. > > I cannot guarantee that all of my "customers" can send mail authenticated > and/or encrypted. > I think I can trim down "mynetworks" main.cf: # Exclude the open relay tester a

Re: Nessus says I have an open relay

2021-11-09 Thread White, Daniel E. (GSFC-770.0)[NICS]
This best matches my situation. I cannot guarantee that all of my "customers" can send mail authenticated and/or encrypted. I think I can trim down "mynetworks" Thanks for the responses. On 11/9/21, 12:00, "owner-postfix-us...@postfix.org on behalf of Jaroslaw Rafa" wrote: Dnia 9.11.20

Re: [EXTERNAL] Nessus says I have an open relay

2021-11-09 Thread KSB
On 2021.11.09. 18:59, Jaroslaw Rafa wrote: On 9.11.2021 at 10:13:08 Bill Cole wrote: NOTHING should be allowing SMTP relay based on IP addresses in 2021, even inside RFC1918 networks. Anything sending mail that can't do proper authentication at initial submission is unfit for sending mai

Re: [EXTERNAL] Nessus says I have an open relay

2021-11-09 Thread Jaroslaw Rafa
On 9.11.2021 at 10:13:08 Bill Cole wrote: > NOTHING should be allowing SMTP relay based on IP > addresses in 2021, even inside RFC1918 networks. Anything sending > mail that can't do proper authentication at initial submission is > unfit for sending mail at all. Whatever legitimate mail act

Re: [EXTERNAL] Nessus says I have an open relay

2021-11-09 Thread Bill Cole
On 2021-11-09 at 09:23:13 UTC-0500 (Tue, 9 Nov 2021 14:23:13 +) White, Daniel E. (GSFC-770.0)[NICS] is rumored to have said: Clarifying: The relay did not reject the message. The MDA did the rejection. Is this correct ? Yes. LOCAL_MDA replied with a 4xx code, indicating to the relay t

Re: [EXTERNAL] Re: Nessus says I have an open relay

2021-11-09 Thread White, Daniel E. (GSFC-770.0)[NICS]
Clarifying: The relay did not reject the message. The MDA did the rejection. Is this correct ? How do I stop the empty sender address at the relay ? On 11/9/21, 09:08, "owner-postfix-us...@postfix.org on behalf of Jaroslaw Rafa" wrote: Dnia 9.11.2021 o godz. 13:47:28 White, Daniel E.

Re: Nessus says I have an open relay

2021-11-09 Thread Matus UHLAR - fantomas
On 09.11.21 13:47, White, Daniel E. (GSFC-770.0)[NICS] wrote: On 11/9/21, 08:20, "owner-postfix-us...@postfix.org on behalf of Matus UHLAR - fantomas" wrote: so the server successfully accepted mail to remote recipient. That's called open relay. Note that nessus can

Re: Nessus says I have an open relay

2021-11-09 Thread Jaroslaw Rafa
On 9.11.2021 at 13:47:28 White, Daniel E. (GSFC-770.0)[NICS] wrote: > > Not practical. Based on the rejection log, which parameter will let > postfix reject rather than defer ? Postfix deferred the message, because it accepted it in the first place. Then Postfix - trying to deliver the m

Re: Nessus says I have an open relay

2021-11-09 Thread White, Daniel E. (GSFC-770.0)[NICS]
On 11/9/21, 08:20, "owner-postfix-us...@postfix.org on behalf of Matus UHLAR - fantomas" wrote: so the server successfully accepted mail to remote recipient. That's called open relay. Note that nessus can't know if it's in server's $mynetwork.

Re: Nessus says I have an open relay

2021-11-09 Thread Matus UHLAR - fantomas
20 MAIL_SERVER_FQDN ESMTP Postfix 250 MAIL_SERVER_FQDN 250 2.1.0 Ok 250 2.1.5 Ok 354 End data with . 250 2.0.0 Ok: queued as F077F1016F54 221 2.0.0 Bye so the server successfully accepted mail to remote recipient. That's called open relay. Note that nessus can't know if it's in server's

Re: Nessus says I have an open relay

2021-11-09 Thread White, Daniel E. (GSFC-770.0)[NICS]
by the scanner were rejected. I went through the logs with a fine-toothed comb and verified this. The stpid scanner is NOT seeing the rejections. I may need to wireshark this before submitting a bug report to Tenable. I will keep the list informed as stuff happens. -Or

Re: Nessus says I have an open relay

2021-11-09 Thread Matus UHLAR - fantomas
On 08.11.21 15:13, White, Daniel E. (GSFC-770.0)[NICS] wrote: Sorry for the delay, but the scanner had network issues and could not re-scan the MTA It turns out that the scanner is in the subnets defined by "mynetworks" But here is the interesting part: all the message attempts made by the sca

Re: Nessus says I have an open relay

2021-11-08 Thread White, Daniel E. (GSFC-770.0)[NICS]
r 29, 2021 at 10:22 To: "postfix-users@postfix.org" Subject: [Non-NASA Source][EXTERNAL] Re: Nessus says I have an open relay AFAIK, it is on a different subnet than the ones in "mynetworks" I can triple check with the team that runs them. -Original Message-

Re: Nessus says I have an open relay

2021-10-29 Thread White, Daniel E. (GSFC-770.0)[NICS]
L] Re: Nessus says I have an open relay On 29.10.21 10:33, White, Daniel E. (GSFC-770.0)[NICS] wrote: >Nessus Plugin 10167: NTMail3 Arbitrary Mail Relay >TCP port 25 [...] >Nessus Plugin 11852: MTA Open Mail Relaying Allowed (thorough test) >TCP port 25 >

Re: Nessus says I have an open relay

2021-10-29 Thread Matus UHLAR - fantomas
On 29.10.21 10:33, White, Daniel E. (GSFC-770.0)[NICS] wrote: Nessus Plugin 10167: NTMail3 Arbitrary Mail Relay TCP port 25 [...] Nessus Plugin 11852: MTA Open Mail Relaying Allowed (thorough test) TCP port 25 Plugin Output: Nessus was able to relay mails by sending those sequences : [...]

Nessus says I have an open relay

2021-10-29 Thread White, Daniel E. (GSFC-770.0)[NICS]
Two "findings" Nessus Plugin 10167: NTMail3 Arbitrary Mail Relay TCP port 25 An open SMTP relay is running on the remote host. Nessus has detected that the remote SMTP server allows anyone to use it as a mail relay provided that the source address is set to '<>'. This issue allows any spammer

Re: not an open relay, but something happened

2020-12-18 Thread @lbutlr
> On 15 Dec 2020, at 10:50, Michael wrote: > > On Tuesday, December 15, 2020 5:57:45 PM CET, Benny Pedersen wrote: >> why do you accept your own domain in port 25 as envelope sender ? > > because i want to receive my own posts in this or any other mailing list. That is not relevant. Message

Re: not an open relay, but something happened

2020-12-15 Thread Noel Jones
On 12/15/2020 5:17 AM, Jeff Abrahamson wrote: The received mail had headers that looked like this: ... Received: from p27.eu (unknown [185.222.57.81])     by nantes-1.p27.eu (Postfix) with ESMTP id 8AFC8FF74D     for ; Tue, 15 Dec 2020 11:58:03 +0100 (CET) One safe thing you

Re: not an open relay, but something happened

2020-12-15 Thread Jaroslaw Rafa
On 15.12.2020 at 19:01:34 Benny Pedersen wrote: > > reject local domains in envelope sender is safe The only case when this may cause trouble is when someone with mail account outside your domain (say u...@isp.net) is forwarding mail to your domain (say to us...@yourdomain.com), and you se

Re: not an open relay, but something happened

2020-12-15 Thread Viktor Dukhovni
On Tue, Dec 15, 2020 at 06:50:59PM +0100, Michael wrote: > On Tuesday, December 15, 2020 5:57:45 PM CET, Benny Pedersen wrote: > > Why do you accept your own domain in port 25 as envelope sender? > > Because I want to receive my own posts in this or any other mailing list. Mailing lists as postfi

Re: not an open relay, but something happened

2020-12-15 Thread Benny Pedersen
Michael wrote on 2020-12-15 18:50: On Tuesday, December 15, 2020 5:57:45 PM CET, Benny Pedersen wrote: why do you accept your own domain in port 25 as envelope sender ? because i want to receive my own posts in this or any other mailing list. envelope sender is not mail from , you should r

Re: not an open relay, but something happened

2020-12-15 Thread Michael
On Tuesday, December 15, 2020 5:57:45 PM CET, Benny Pedersen wrote: why do you accept your own domain in port 25 as envelope sender ? because i want to receive my own posts in this or any other mailing list. , you should reject this only if you want to prevent receiving your own post to thi

Re: not an open relay, but something happened

2020-12-15 Thread Benny Pedersen
Jeff Abrahamson wrote on 2020-12-15 12:17: I received an obvious fishing mail today from ad...@p27.eu (my own domain). I appear not to be running an open relay (say the sorts of websites that offer to check these things), and yet this happened: why do you accept your own domain in port 25 as

Re: not an open relay, but something happened

2020-12-15 Thread Ansgar Wiechers
On 2020-12-15 Jeff Abrahamson wrote: > On 15/12/2020 12:36, Ansgar Wiechers wrote: >> Spoofing the envelope from address (Return-Path: ) is >> actually valid (per the SMTP protocol) and a common occurrence for >> mail sent by bad actors. > > Is prohibiting spoofing envelope from recommended?  I'm n

Re: not an open relay, but something happened

2020-12-15 Thread Jeff Abrahamson
On 15/12/2020 12:36, Ansgar Wiechers wrote: > On 2020-12-15 Jeff Abrahamson wrote: >> I received an obvious fishing mail today from ad...@p27.eu (my own >> domain).  I appear not to be running an open relay [...] >> >> Am I reading this wrong?  Why was that ab

Re: not an open relay, but something happened

2020-12-15 Thread Ansgar Wiechers
On 2020-12-15 Jeff Abrahamson wrote: > I received an obvious fishing mail today from ad...@p27.eu (my own > domain).  I appear not to be running an open relay (say the sorts of > websites that offer to check these things), and yet this happened: > > Dec 15 11:58:03 nantes-

not an open relay, but something happened

2020-12-15 Thread Jeff Abrahamson
I received an obvious fishing mail today from ad...@p27.eu (my own domain).  I appear not to be running an open relay (say the sorts of websites that offer to check these things), and yet this happened: Dec 15 11:58:03 nantes-1 postfix/smtpd[31118]: warning: hostname hosted

Re: Mail server recently became an open relay

2020-10-19 Thread IL Ka
Rock solid solution is to separate htdocs (a folder that is accessible via web) from the code folder (the one with scripts). I do not know how that could be done with PHP (I believe you can serve static files with nginx and run php as FPM connected to the nginx with FastCGI) but in Python world we

Re: Mail server recently became an open relay

2020-10-19 Thread Jaroslaw Rafa
On 19.10.2020 at 18:26:28 Demi M. Obenour wrote: > Can this be mitigated by denying the PHP user write permission on > any directory where PHP files will be executed? There are multiple methods to mitigate this, this may be one of them. But unsecured scripts that allow such behaviour are s

Re: Mail server recently became an open relay

2020-10-19 Thread Demi M. Obenour
On 10/19/20 3:29 PM, Jaroslaw Rafa wrote: > On 19.10.2020 at 21:12:20 John Fawcett wrote: >> Sorry not to be able to give a definitive answer. Typical mail injection >> via php will use a script that already calls the php mail function or >> similar functions that open the smtp connection. B

Re: Mail server recently became an open relay

2020-10-19 Thread Bob Proulx
Bob Proulx wrote: > The default PHP "mail()" method sends mail by using the system's > /usr/sbin/sendmail interface rather than SMTP. > > https://www.php.net/manual/en/mail.requirements.php > https://www.php.net/manual/en/function.mail.php Oh! It depends upon the system's php.ini configur

Re: Mail server recently became an open relay

2020-10-19 Thread IL Ka
ead. Grepping your scripts for "socket_connect" and "mail" is also worth doing. Btw, this is not an "open relay": relaying mail from the localhost (127.0.0.1) is the default postfix behavior because "mynetworks = 127.0.0.0/8" in many installations, and "smt

Re: Mail server recently became an open relay

2020-10-19 Thread Bob Proulx
Rich Wales wrote: > If the problem were in fact due to a hijacked PHP page, btw, would this > necessarily require the page to be using e-mail or TCP connections > already for its own legitimate purposes, but being co-opted by a hacker > to nefarious ends? Or could *any* PHP script theoretically be

Re: Mail server recently became an open relay

2020-10-19 Thread Jaroslaw Rafa
On 19.10.2020 at 21:12:20 John Fawcett wrote: > Sorry not to be able to give a definitive answer. Typical mail injection > via php will use a script that already calls the php mail function or > similar functions that open the smtp connection. But there are other > attack vectors that are po

Re: Mail server recently became an open relay

2020-10-19 Thread John Fawcett
On 19/10/2020 20:50, Rich Wales wrote: > John Fawcett wrote: > >> One thing I would suggest looking at is if there is a web server running >> on the same host it may be allowing email to be injected into postfix >> via smtp on the loopback interface using some scripting language like >> php or othe

Re: Mail server recently became an open relay

2020-10-19 Thread Rich Wales
John Fawcett wrote: > One thing I would suggest looking at is if there is a web server running > on the same host it may be allowing email to be injected into postfix > via smtp on the loopback interface using some scripting language like > php or others. I suppose that's possible. I spent some

Re: Mail server recently became an open relay

2020-10-18 Thread John Fawcett
On 18/10/2020 06:32, Viktor Dukhovni wrote: > On Sat, Oct 17, 2020 at 09:14:50PM -0700, Rich Wales wrote: > >> Thanks. I was actually thinking something of the sort myself -- my >> server is indeed behind a separate firewall appliance. >> >> However, other e-mail (such as your recent reply to my i

Re: Mail server recently became an open relay

2020-10-17 Thread Viktor Dukhovni
On Sat, Oct 17, 2020 at 09:14:50PM -0700, Rich Wales wrote: > Thanks. I was actually thinking something of the sort myself -- my > server is indeed behind a separate firewall appliance. > > However, other e-mail (such as your recent reply to my inquiry) is NOT > exhibiting this same NAT/proxy ad

Re: Mail server recently became an open relay

2020-10-17 Thread Rich Wales
> No, it says no such thing. It says the EHLO name was [154.91.34.144], > the client IP was however 127.0.0.1. It seems you have some sort of > proxy or NAT in place that masks the real external IP address, making > all connections appear to originate from 127.0.0.1. That would sure > explain

Re: Mail server recently became an open relay

2020-10-17 Thread Viktor Dukhovni
On Sat, Oct 17, 2020 at 08:41:25PM -0700, Rich Wales wrote: > Received: from memoryalpha.richw.org ([127.0.0.1]) >     by localhost (memoryalpha.richw.org [127.0.0.1]) (amavisd-new, port > 10024) >     with ESMTP id D0t9j6VORyNH for ; >     Thu, 15 Oct 2020 14:48:06 -0700 (PDT) >

Re: Mail server recently became an open relay

2020-10-17 Thread Rich Wales
Sorry, when I said "chronologically last 'Received:' line" in my earlier e-mail, I meant to say "chronologically first (physically last)".  Mea culpa. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

2020-10-17 Thread Rich Wales
very first line (smtpd[6414], before any amavis processing) have localhost as the client? If my server is getting confused and thinks the message in question originally came from localhost, I can easily understand why the open relay checks are being skipped, since my main.cf file includes 127.0

Re: Mail server recently became an open relay

2020-10-17 Thread Wietse Venema
Rich Wales: > > Why do you believe that your server is an open relay, as in, it > > will forward messages FROM spammers TO remote destinations. > > Wietse > > Because it *is* accepting messages from outsiders (spammers) and is > using my server to relay those messages

Re: Mail server recently became an open relay

2020-10-16 Thread Rich Wales
On 2020-10-16 21:16, Bill Cole wrote: > Based on your config and descriptions, it smells like a compromised > account being used to pump mail through your submission service. A full > set of log lines for one of the messages should reveal that. The > master.cf lines for smtpd and submission would

Re: Mail server recently became an open relay

2020-10-16 Thread Bill Cole
On 16 Oct 2020, at 18:20, Rich Wales wrote: Hi. My mail server (memoryalpha.richw.org), running Postfix 3.3.0, recently started attracting open relay spam. I thought I had done all the appropriate things in Postfix to block open relay traffic, and I hadn't seen any such traffic for a

Re: Mail server recently became an open relay

2020-10-16 Thread Viktor Dukhovni
On Oct 16, 2020, at 11:17 PM, Rich Wales wrote: > > No, Viktor, I have not deleted my logs. However, there is so much stuff > in the Postfix log (/var/log/mail.log on my system) -- including both > good e-mail messages and bad, overlapped every which-way, multiple > Postfix processes, etc. -- th

Re: Mail server recently became an open relay

2020-10-16 Thread Rich Wales
No, Viktor, I have not deleted my logs. However, there is so much stuff in the Postfix log (/var/log/mail.log on my system) -- including both good e-mail messages and bad, overlapped every which-way, multiple Postfix processes, etc. -- that I don't think I can reasonably hope for anyone to be able

Re: Mail server recently became an open relay

2020-10-16 Thread Viktor Dukhovni
On Oct 16, 2020, at 10:28 PM, Rich Wales wrote: > > The next time I see this happen -- could be tomorrow, could be weeks > from now, I have no idea when -- I'll gladly forward a copy of my > "mailq" output. I deleted my earlier evidence, I'm afraid. No "mailq" output needed. Just the relevant

Re: Mail server recently became an open relay

2020-10-16 Thread Rich Wales
> Why do you believe that your server is an open relay, as in, it > will forward messages FROM spammers TO remote destinations. > Wietse Because it *is* accepting messages from outsiders (spammers) and is using my server to relay those messages to remote destinations. It was (and sti

Re: Mail server recently became an open relay

2020-10-16 Thread lists
I would think running an open relay test would be step one. https://mxtoolbox.com/diagnostic.aspx There are probably half a dozen online services that do this. Which brings me to my question: Is there an open relay test website that is considered the best? I have noticed some run multiple

Re: Mail server recently became an open relay

2020-10-16 Thread Wietse Venema
Rich Wales: > Hi. My mail server (memoryalpha.richw.org), running Postfix 3.3.0, > recently started attracting open relay spam. I thought I had done all Why do you believe that your server is an open relay, as in, it will forward messages FROM spammers TO remote destinations. Wietse

Mail server recently became an open relay

2020-10-16 Thread Rich Wales
Hi. My mail server (memoryalpha.richw.org), running Postfix 3.3.0, recently started attracting open relay spam. I thought I had done all the appropriate things in Postfix to block open relay traffic, and I hadn't seen any such traffic for a very long time, but suddenly I've gotten thr

Re: ISP open relay

2020-01-13 Thread @lbutlr
On 13 Jan 2020, at 07:58, Jaroslaw Rafa wrote: > You were forced to use ports 587 or 465 for outgoing mail. Yes, that is a sensible ISP. -- And she was lying in the grass And she could hear the highway breathing And she could see a nearby factory She's making sure she is not d

Re: ISP open relay

2020-01-13 Thread Jaroslaw Rafa
tem in their network means an open relay from their network and that is > bad for the reputation of the network. So, they may force all clients to > go to their relay. I guess not many ISPs still do this anymore, though > some may still block port 25 to anywhere but their own mail relay. I o

Re: ISP open relay

2020-01-13 Thread Gerben Wierda
Some ISPs even go further by catching all traffic to port 25 to any system outside their network (other than to their own MTAs) blocking it or directing that to their own MTA. That is because of course one hacked system in their network means an open relay from their network and that is bad

Re: ISP open relay

2020-01-12 Thread Dan Mahoney
 > Hello > > My ISP email even doesn’t require SMTP AUTH. Will they be acting as open > relay? How to stop abuse of outgoing mail? > > Regards

ISP open relay

2020-01-12 Thread Wesley Peng
Hello My ISP email even doesn’t require SMTP AUTH. Will they be acting as open relay? How to stop abuse of outgoing mail? Regards

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bill Cole
On 15 Oct 2019, at 13:24, Thilo Molitor wrote: Or use openssl s_client -starttls smtp -connect :25 for tls on port 25 (in case port 465 is not configured on your server or the configuration differs from port 25) See the original poster's earlier message: his issue is specifically with a spa

Re: Postfix is not open relay but send spam

2019-10-15 Thread Viktor Dukhovni
On Tue, Oct 15, 2019 at 05:15:38PM +0200, Julien Michaux wrote: > Do you have a way to test authentification with smtps ? Why bother? Your "cyrus" account has a password that is weak, leaked or perhaps even empty. Disable logins by "cyrus", you surely don't need them. -- Viktor.

Re: Postfix is not open relay but send spam

2019-10-15 Thread Thilo Molitor
Or use openssl s_client -starttls smtp -connect :25 for tls on port 25 (in case port 465 is not configured on your server or the configuration differs from port 25) On Tuesday, 15 October 2019, 11:30:42 CEST, Bill Cole wrote: > On 15 Oct 2019, at 11:15, Julien Michaux wrote: > > Do you have a

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bill Cole
On 15 Oct 2019, at 11:15, Julien Michaux wrote: Do you have a way to test authentification with smtps ? openssl s_client -connect :465 That will negotiate an SSL/TLS connection with the given host on port 465 (smtps) and leave you inside the encrypted session as if you'd used 'telnet :25'

Re: Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Do you have a way to test authentification with smtps ? AUTH LOGIN over smtp is disabled so postfix reply : 503 5.5.1 Error: authentication not enabled Michaux Julien Email : jul...@michaux.name On Tue, 15 Oct 2019 at 16:57, Jaroslaw Rafa wrote: > Dnia 15.10.2019 o godz. 16:47:59 Julien

Re: Postfix is not open relay but send spam

2019-10-15 Thread Jaroslaw Rafa
On 15.10.2019 at 16:47:59 Julien Michaux wrote: > Oct 13 19:41:29 mail postfix/smtps/smtpd[25100]: 5A064379357: > client=unknown[185.153.197.48], sasl_method=LOGIN, sasl_username= > cy...@mydomain.com This line says that the client at IP address 185.153.197.48 managed to authenticate to you

Re: Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Hi, Here is a log : Oct 13 19:41:28 mail postfix/qmgr[15506]: 8F189379357: removed Oct 13 19:41:28 mail postfix/smtps/smtpd[25100]: warning: hostname server-185-153-197-48.cloudedic.net does not resolve to address 185.153.197.48 Oct 13 19:41:28 mail postfix/smtps/smtpd[25100]: connect from unknow

Re: Postfix is not open relay but send spam

2019-10-15 Thread Allen Coates
On 15/10/2019 08:27, Julien Michaux wrote: > Time to time, my server is attack and he sends spam. All spam are from a > specific address "cy...@mydomain.com" I tried many things but nothing works> > I have to stop postfix for some hours and attack ends until next time. > Have you tried puttin

Re: Postfix is not open relay but send spam

2019-10-15 Thread Tobi
Hi shot me if I'm wrong ;-) but I think your smtp service is an open relay?! I don't see reject_unauth_destination after your permit_mynetwork and permit_sasl_authenticated. Thats means (at least afaik) that any mail will be accepted as long as it does not hit one of your reject_* stat

Re: Postfix is not open relay but send spam

2019-10-15 Thread Shawn Heisey
On 10/15/2019 1:27 AM, Julien Michaux wrote: Time to time, my server is attack and he sends spam. All spam are from a specific address "cy...@mydomain.com" . I tried many things but nothing works. I have to stop postfix for some hours and attack ends until next time.

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 5:22 AM, @lbutlr wrote: > There is no instance of permit_mynetworks in my main.cf not in my master.cf > file. There is no instance of permit_mynetworks in my main.cf *nor* in my master.cf file. -- 'It is always useful to face an enemy who is prepared to die for his count

Re: Postfix is not open relay but send spam

2019-10-15 Thread @lbutlr
On Oct 15, 2019, at 1:27 AM, Julien Michaux wrote: > smtpd_helo_restrictions = > permit_mynetworks, > smtpd_recipient_restrictions = >permit_mynetworks, > smtp_sender_restrictions = >permit_mynetworks, > smtp_helo_restrictions = > permit_mynetworks, > smtp_recipient_restriction

Re: Postfix is not open relay but send spam

2019-10-15 Thread Bjoern Franke
On 15.10.19 at 09:27, Julien Michaux wrote: > Hi everyone, > > I have a problem with postfix. > > I use OBM as a mail server (postfix + cyrus + ldap, etc...). My postfix > is not openrelay : > Do you see something in the logs how the spam enters your system? Possibly a authenticated user or so

Re: Postfix is not open relay but send spam

2019-10-15 Thread Jaroslaw Rafa
On 15.10.2019 at 09:27:42 Julien Michaux wrote: > > Time to time, my server is attack and he sends spam. All spam are from a > specific address "cy...@mydomain.com" . > I tried many things but nothing works. I have to stop postfix for some > hours and attack ends until next time. Do you ha

Postfix is not open relay but send spam

2019-10-15 Thread Julien Michaux
Hi everyone, I have a problem with postfix. I use OBM as a mail server (postfix + cyrus + ldap, etc...). My postfix is not an open relay: 220 xx ESMTP Postfix (Debian/GNU) [706 ms] EHLO keeper-us-east-1c.mxtoolbox.com 250-xx 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-ETRN 250-STARTTLS 25

Re: Fixing open relay problem

2019-01-26 Thread Stephen McHenry
> > smtpd_recipient_restrictions = > > permit_mynetworks, > > permit_sasl_authenticated, > > permit_auth_destination, > > Though it does not explain the purported open relay issue, > "permit_auth_destination" here makes no sense. I think you should >

Re: Fixing open relay problem

2019-01-22 Thread Viktor Dukhovni
it_sasl_authenticated, > permit_auth_destination, Though it does not explain the purported open relay issue, "permit_auth_destination" here makes no sense. I think you should delete it. Anything it does not permit is sure to be blocked below, so it is simpler to just move "reject_unauth_destination"

Re: Fixing open relay problem

2019-01-22 Thread Larry Stone
On Jan 22, 2019, at 1:30 AM, Dominic Raferd wrote: > > On Tue, 22 Jan 2019 at 06:22, Stephen McHenry > wrote: >> (and from postconf -d) >> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, >> defer_unauth_destination >> >> > I think you are just lucky that this didn't

Re: Fixing open relay problem

2019-01-21 Thread Dominic Raferd
> from the old one. > > After a couple of months, I began to notice that it appeared to be getting > used (infrequently) as an open relay, despite my attempts to lock it down > so that couldn't happen. Then, the problem got worse. The one pattern I > noticed was that all the

Fixing open relay problem

2019-01-21 Thread Stephen McHenry
at it appeared to be getting used (infrequently) as an open relay, despite my attempts to lock it down so that couldn't happen. Then, the problem got worse. The one pattern I noticed was that all the messages had forged senders that were from my domain (e.g., bogussen...@mydomain.com). I've

Re: Is this behavior an open relay or not ?

2018-11-26 Thread Benny Pedersen
Roberto Carna wrote on 2018-11-26 21:00: Dear Noel, thanks for your help. In the case of rejecting incoming mail from my own domain, do I have to use just SPF? Or is it possible to use an ACL defined in main.cf ? it's safe to reject rcpt to domains as senders on port 25, spf is just more

Re: Is this behavior an open relay or not ?

2018-11-26 Thread Benny Pedersen
Roberto Carna wrote on 2018-11-26 20:34: and finally the message arrives to my Inbox. Because I suppose that the normal behavior is sending mail from local address just from an internal IP...not from external. it's not open relay if mail is delivered local it will be open relay if it's

Re: Is this behavior an open relay or not ?

2018-11-26 Thread Bill Cole
On 26 Nov 2018, at 17:08, Noel Jones wrote: On 11/26/2018 2:00 PM, Roberto Carna wrote: Dear Noel, thanks for your help. In the case of rejecting incoming mail from my own domain, do I have to use just SPF? Or is it possible to use an ACL defined in main.cf ? Thanks again, go

Re: Is this behavior an open relay or not ?

2018-11-26 Thread Noel Jones
On 11/26/2018 2:00 PM, Roberto Carna wrote: > Dear Noel, thanks for your help. > > In the case of rejecting incoming mail from my own domain, do I have > to use just SPF? Or is it possible to use an ACL defined in main.cf > ? > > Thanks again, good bye !!! Yes, you can find exam

Re: Is this behavior an open relay or not ?

2018-11-26 Thread Roberto Carna
Dear Noel, thanks for your help. In the case of rejecting incoming mail from my own domain, do I have to use just SPF? Or is it possible to use an ACL defined in main.cf ? Thanks again, good bye !!! On Mon, 26 Nov 2018 at 16:47, Noel Jones wrote: > On 11/26/2018 1:34 PM, Roberto Carn
