RE: Help, still an open relay.?

Fri, 09 Apr 2010 05:58:46 -0700 

Solved!. Thanks

The problem was external clients were NAT translated. Had my network guy undo 
it and its working fine now!

Thanks again!

P.S - Victor,  what is the best practice to have smtpd_recipient_restrictions? 
in which order?

> Date: Tue, 6 Apr 2010 17:57:57 -0400
> From: victor.ducho...@morganstanley.com
> To: postfix-users@postfix.org
> Subject: Re: Help, still an open relay.?
> 
> On Tue, Apr 06, 2010 at 01:21:26PM -0800, M M wrote:
> 
>> [...] my server is an open relay according to online tests.
>> 
>> mynetworks = 127.0.0.1/8, 198.100.50.0/24
> 
> Make sure external clients are not NAT translated into this address space.
> 
>> virtual_mailbox_domains =
>>      mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
> 
> Make sure this table does not match all lookup keys, report the output of:
> 
>     $ postmap -q a.test mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
> 
>> virtual_alias_maps = 
>> mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
> 
> Make sure this table does not match all lookup keys, report the output of:
> 
>     $ postmap -q a.test \
>       mysql:/etc/postfix/mysql-virtual-alias-maps.cf \
>       mysql:/etc/postfix/mysql-email2email.cf
> 
>> smtpd_recipient_restrictions =
>>   reject_invalid_hostname,
>>   reject_non_fqdn_sender,
>>   reject_non_fqdn_recipient,
>>   reject_unknown_sender_domain,
>>   reject_unknown_recipient_domain,
>>   permit_mynetworks,
>>   reject_unauth_destination,
>>   permit_sasl_authenticated,
>>   reject_unauth_pipelining,                                    
> 
> The "permit_sasl_authenticated" is pretty useless after
> "reject_unauth_destination". With this, the only way for you to be an
> "open relay" (show logs of messages you accepted that should not have
> been accepted) is if mynetworks is wrong (NAT?) or the domain lists
> (mydestination, virtual_alias_domains, virtual_mailbox_domains, ...)
> are wrong. My bet is on misconfigured SQL queries.
> 
> -- 
>       Viktor.
> 
> P.S. Morgan Stanley is looking for a New York City based, Senior Unix
> system/email administrator to architect and sustain our perimeter email
> environment.  If you are interested, please drop me a note.
                                          
_________________________________________________________________
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3

Reply via email to