Carlos Williams wrote:
I just finished a new Postfix 2.6 installation on a Debian server in a
co-location and just wanted to make sure I am properly testing this
machine is not an 'open relay' before I open it out to the public:

I was told to go to the following URL http://www.abuse.net/relay.html
and I entered my external IP address in the 1st line and nothing else.
After 17 tests, I get the following at the bottom:

"Relay test result
All tests performed, no relays accepted."

Does this mean I am safe? I read somewhere that in my main.cf I should
have the following entry:

relay_domains =

Yes, this is usually a good idea if you don't have relay_domains (a domain you are MX for, but final delivery is elsewhere).


"relay_domains: is a list of destination domains this system will
relay mail to.

Correct.

By setting it to be blank we ensure that our mail
server isn't acting as an open relay for untrusted networks.

Not exactly. The "danger" is that by default Postfix will accept subdomains of domains listed in mydestination, which are then undeliverable and must be bounced.
An example:
mydestination = example.com
Postfix will by default accept mail to any...@foo.example.com, which will be undeliverable and must be bounced, creating backscatter. This is usually a minor problem, but it's easily fixed. It certainly isn't an "open relay".

The
reader is advised to test that their system isn't acting as an open
relay here: http://www.abuse.net/relay.html"

That's good advice, but it takes some real bone-headed moves to make Postfix a real open relay.


Now that being said, I don't have a relay_domains entry in my main.cf
however according to the site they recommend I test, I don't appear to
be one. Do I need this entry in my main.cf or am I fine? Is there
another way to test for being an open relay or should I feel safe about
this?

Add "relay_domains =" to your main.cf. It does prevent a minor problem.



*****postconf -n*****

no glaring errors.

  -- Noel Jones
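
A local alternative to the web-based relay test discussed in this thread, added here as an example (it is not code from either poster or from Postfix). It offers your own server a foreign-sender, foreign-recipient transaction and reports the RCPT TO reply; passing a recipient in a subdomain of one of your mydestination domains checks the subdomain acceptance described in the reply. The probe addresses, function names and script name are assumptions made for illustration.

```python
import smtplib
import sys

# Constructed probe addresses: neither domain is handled by the server under test.
PROBE_FROM = "relaytest@example.net"
PROBE_TO = "relaytest@example.org"

def classify(code):
    """Turn the server's SMTP reply code into a verdict."""
    if 200 <= code < 300:
        return "accepted"   # for a foreign recipient this means the server relays
    if 400 <= code < 500:
        return "deferred"   # temporary failure: retest later
    return "rejected"

def probe_relay(host, rcpt=PROBE_TO, port=25, timeout=10):
    """Offer `host` mail from a foreign sender to `rcpt`, stopping at RCPT TO.

    DATA is never sent, so no message is queued or delivered.
    Returns (verdict, smtp_code, server_text).
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(PROBE_FROM)
        if code // 100 == 2:
            # Sender was accepted; the RCPT TO reply is the actual relay decision.
            code, text = smtp.rcpt(rcpt)
        smtp.rset()  # abandon the transaction
        return classify(code), code, text.decode(errors="replace")

if __name__ == "__main__":
    # usage: python relay_probe.py <your-server-ip> [recipient]
    print(probe_relay(*sys.argv[1:3]))
```

Run it from a host outside mynetworks, since a client inside a trusted network is allowed to relay and will always see "accepted".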
