Try this :) telnet some.other.host.running.postfix 25 HELO my.hostname MAIL FROM:<[EMAIL PROTECTED]> RCPT TO:<[EMAIL PROTECTED]> DATA Testing testing . QUIT
Ethan Benson wrote: > > On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote: > > Hi > > > > When i was looking trough my logs tody i found that my host had been > > used > > as a relay host... I changed from sendmail to postfix because everyone > > told > > me that postfix was more secure. > > > > When looking at the default configurationfiles installed by debian there > > was > > nothing that prevents unauthorized users to send mail to anyone. > > did you run a test to see if this was really the case? such as telnet > mail-abuse.org > > i have run such a test on a default potato postfix setup and it passed > all those tests, is there some other relay method that it does not > catch? > > > By adding this line to main.cf you can make sure that only your host can > > send mail to users outside your system: > > > > smtpd_sender_restrictions = check_relay_domains, > > from the smtpd man page: > > smtpd_sender_restrictions > Restrict what sender addresses are allowed in MAIL > FROM commands. > > it is true that postfix does not tend to care what you put in a FROM > but that does not mean it allows relay (just watch the mail-abuse.org > tests) > > what postfix does is check to see whether the TO address is local, and > if not it checks whether the connecting user is within the allowed > relay domain (which is by default only the domain of the mailhost) if > not it refuses the message. > > > reject_unknown_sender_domain > > didn't find this one.. (didnt search through all the man pages) > > > Is this someting that should be added by default?? I think so.... > > no MTA should ever be a open relay much less by default, but from my > testing postfix is not. are you sure your using the debian current > packages and not some old ones? there was an old broken version of > postfix way back when that was a open relay, it was a bug long ago > fixed. (its in the FAQ) > > but then i could be missing something, im tired ;-) > > -- > Ethan Benson > http://www.alaska.net/~erbenson/ > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature -- Ingemar Fällman Phone: +46(0)90 786 9335 UMDAC, Umeå University Fax: +46(0)90 786 6762 S-901 87 UMEÅ, SWEDEN MailTo:[EMAIL PROTECTED] ---------------------------------------------------------------- $_ = "I'n Jvtu bopuifs Pfsm ibdlfs,"; y/a-z/za-y/; print "$_\n";
