Try this :)
telnet some.other.host.running.postfix 25
HELO my.hostname
MAIL FROM:<[EMAIL PROTECTED]>
RCPT TO:<[EMAIL PROTECTED]>
DATA
Testing testing
.
QUIT
Ethan Benson wrote:
>
> On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote:
> > Hi
> >
> > When i was looking trough my logs tody i found that my host had been
> > used
> > as a relay host... I changed from sendmail to postfix because everyone
> > told
> > me that postfix was more secure.
> >
> > When looking at the default configurationfiles installed by debian there
> > was
> > nothing that prevents unauthorized users to send mail to anyone.
>
> did you run a test to see if this was really the case? such as telnet mail-abuse.org
>
> i have run such a test on a default potato postfix setup and it passed
> all those tests, is there some other relay method that it does not
> catch?
>
> > By adding this line to main.cf you can make sure that only your host can
> > send mail to users outside your system:
> >
> > smtpd_sender_restrictions = check_relay_domains,
>
> from the smtpd man page:
>
> smtpd_sender_restrictions
> Restrict what sender addresses are allowed in MAIL
> FROM commands.
>
> it is true that postfix does not tend to care what you put in a FROM
> but that does not mean it allows relay (just watch the mail-abuse.org
> tests)
>
> what postfix does is check to see whether the TO address is local, and
> if not it checks whether the connecting user is within the allowed
> relay domain (which is by default only the domain of the mailhost) if
> not it refuses the message.
>
> > reject_unknown_sender_domain
>
> didn't find this one.. (didnt search through all the man pages)
>
> > Is this someting that should be added by default?? I think so....
>
> no MTA should ever be a open relay much less by default, but from my
> testing postfix is not. are you sure your using the debian current
> packages and not some old ones? there was an old broken version of
> postfix way back when that was a open relay, it was a bug long ago
> fixed. (its in the FAQ)
>
> but then i could be missing something, im tired ;-)
>
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
--
Ingemar Fällman Phone: +46(0)90 786 9335
UMDAC, Umeå University Fax: +46(0)90 786 6762
S-901 87 UMEÅ, SWEDEN MailTo:[EMAIL PROTECTED]
----------------------------------------------------------------
$_ = "I'n Jvtu bopuifs Pfsm ibdlfs,"; y/a-z/za-y/; print "$_\n";
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
