Hi,

I am comparatively new to Postfix and seem unable to get my configuration correct to ensure there are no open relays. For obvious reasons I am not posting from the network concerned!

I set out below:

1. Details of test with abuse.net
2. maillog entries for the test
3. network requirements for the server
4. entries in main.cf

1. A test with abuse.net produces the following:

    <<< 220 xxx.xxxxx.tld ESMTP Postfix (2.6.2)
    >>> HELO www.abuse.net
    <<< 250 xxx.xxxxx.tld
    Relay test 1
    >>> RSET
    <<< 250 2.0.0 Ok
    >>> MAIL FROM:<spamt...@abuse.net>
    <<< 250 2.1.0 Ok
    >>> RCPT TO:<x...@xxxx.tld>
    <<< 250 2.1.5 Ok
    >>> DATA
    <<< 354 End data with <CR><LF>.<CR><LF>
    >>> (message body)
    <<< 250 2.0.0 Ok: queued as 15F7234D421

A report was received indicating an open relay.

2. The maillog entry (abbreviated) shows:

    date time postfix/smptd[xxxx] connect from verify.abuse.net [xxxx]
    15F7234D421 client=verify.abuse.net
    /cleanup[xxxx] 15F7234D421 message-id=<rlytest-nnnn...@abuse.net
    /qmgr[xxxx] 15F7234D421 from =<spamt...@abuse.net>,size =1125, ncrpt=1 (queue active)
    /local [xxxx] 15F7234D421 to=<x...@mydomain.tld>, relay = local,delay=0.41,delays =0.41/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    /qmgr [xxxx] 15F7234D421 removed
    /smptd [xxxx] disconnect from verify.abuse.net[IP]

3. The mail server is FreeBSD 7.2 and intended to be the primary mail server for a small local network for its own domain, and supports mail for multiple virtual domains. The virtual domains are specified in virtual_alias_domains. The server also runs qpopper to provide POP3 service to the local network.

4. Entries from main.cf:

    relay_domains = $mydestination [mydomain].tld
    smptd_recipent_restrictions = permit_mynetworks, reject_unauth_destinations
    ###
    ### NOTE I tried adding
    ### { smptd_client_restrictions = permit_mynetworks, reject}
    ### WHICH solved the open relay problem but hardly any mail got through from the internet!!!
    smptd_sender_restrictions = reject_unknown_sender_domain
    smptd_sender_restrictions = reject_non_fqdn_sender
    smptd_helo_required = yes
    smptd_helo_restrictions = reject_invalid_hostname
    smptd_helo_restrictions = reject_non_fqdn_hostname
    mynetworks_style = subnet

If anyone could point me in the right direction I would be most obliged.

Thanks in advance,
David

David Southwell ARPS
Photographic Artist
Permanent Installations and Design
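The maillog excerpt in the post shows the test message handed to the local delivery agent (relay = local, delivered to mailbox). As an added example, not part of the original post, the following Python script correlates Postfix queue IDs to tell that case apart from mail that an outside client got forwarded onward through the smtp agent. The sample log lines, host names and the `find_relayed` helper are constructed for illustration, and the standard Postfix syslog line format is assumed.

```python
import ipaddress
import re

# Constructed sample lines in standard Postfix syslog format (not from the post).
SAMPLE_LOG = """\
Jul  1 10:00:01 mx postfix/smtpd[101]: 15F7234D421: client=verify.example.net[192.0.2.10]
Jul  1 10:00:02 mx postfix/local[102]: 15F7234D421: to=<user@mydomain.example>, relay=local, delay=0.41, dsn=2.0.0, status=sent (delivered to mailbox)
Jul  1 10:05:00 mx postfix/smtpd[103]: 2A0B1C3D4E5: client=host.example.org[198.51.100.7]
Jul  1 10:05:01 mx postfix/smtp[104]: 2A0B1C3D4E5: to=<someone@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 ok)
Jul  1 10:06:00 mx postfix/smtpd[105]: 3B1C2D4E5F6: client=pc1.lan[10.0.0.5]
Jul  1 10:06:01 mx postfix/smtp[106]: 3B1C2D4E5F6: to=<friend@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.5]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
"""

# smtpd logs the connecting client once per accepted message (queue ID).
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+\[([^\]]+)\]")
# Delivery agents (local, virtual, smtp, ...) log one line per recipient.
DELIVERY_RE = re.compile(
    r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*\bstatus=(\w+)")

def find_relayed(log_text, mynetworks):
    """Return (queue_id, client_ip, recipient) for mail that a client outside
    mynetworks submitted and the smtp agent delivered to another host.
    These are candidates to review: SASL-authenticated clients, relay_domains
    and alias forwarding also produce such lines legitimately."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    clients, hits = {}, []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = DELIVERY_RE.search(line)
        if not m:
            continue
        agent, qid, rcpt, status = m.groups()
        ip = clients.get(qid)
        if ip is None:  # submitted locally, or client line outside this excerpt
            continue
        trusted = any(ip in net for net in nets)
        if agent == "smtp" and status == "sent" and not trusted:
            hits.append((qid, str(ip), rcpt))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG, ["10.0.0.0/24"]):
        print("relayed for outside client:", hit)
```

A message accepted from an outside client and delivered by `postfix/local`, as in the first constructed queue ID, is ordinary inbound mail and is not reported.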