On Thu, Mar 31, 2011 at 08:28:08AM -0700, Jim McIver wrote:

> Our webhosting company (which is offsite) has told me that the postfix-2.5
> on our FreeBSD 7.2 server is being used as an open relay for email so they
> have closed port 25.

Logs of a message that failed to be rejected?

> #postconf -n
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = loopback-only

With this set, and no additional SMTP listeners in master.cf, you don't
accept any external SMTP traffic on port 25, so you can't be an open
relay. However, you may have vulnerable CGI scripts that allow external
users to send email to arbitrary destinations by filling in forms...

Audit your CGI web forms.

> local_transport = error:local delivery is disabled
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = lmtribune.com
> mynetworks_style = host
> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains =
> relayhost =
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> unknown_local_recipient_reject_code = 550

This Postfix configuration is not an open relay.

-- 
        Viktor.
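
Added example, not part of Viktor's message: with `inet_interfaces = loopback-only`, mail can only enter the queue through local submission (logged by `pickup` with the submitting uid) or SMTP from the host itself, so attributing recipient counts to each entry point in the mail log shows whether a web form is the source. The log lines are constructed in Postfix's syslog format, and treating uid 80 as the web server account is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts, queue IDs and uids are made up.
SAMPLE_LOG = """\
Mar 31 03:12:01 web postfix/pickup[4211]: 3F2A11C0D2: uid=80 from=<www>
Mar 31 03:12:01 web postfix/qmgr[812]: 3F2A11C0D2: from=<www@example.com>, size=912, nrcpt=48 (queue active)
Mar 31 03:12:07 web postfix/pickup[4211]: 4A07D1C0D9: uid=80 from=<www>
Mar 31 03:12:07 web postfix/qmgr[812]: 4A07D1C0D9: from=<www@example.com>, size=915, nrcpt=50 (queue active)
Mar 31 03:15:09 web postfix/smtpd[4302]: 7B19C1C0E4: client=localhost[127.0.0.1]
Mar 31 03:15:09 web postfix/qmgr[812]: 7B19C1C0E4: from=<app@example.com>, size=400, nrcpt=1 (queue active)
Mar 31 03:20:00 web postfix/pickup[4211]: 9C33E1C0F1: uid=0 from=<root>
Mar 31 03:20:00 web postfix/qmgr[812]: 9C33E1C0F1: from=<root@example.com>, size=350, nrcpt=1 (queue active)
Mar 31 03:42:01 web postfix/qmgr[812]: 3F2A11C0D2: from=<www@example.com>, size=912, nrcpt=48 (queue active)
"""

PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<")
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")
REMOVED = re.compile(r"postfix/qmgr\[\d+\]: (\w+): removed")

def summarize(log_text):
    """Count messages and recipients per entry point (local submission uid or SMTP client)."""
    origin, counted = {}, set()
    totals = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in log_text.splitlines():
        if m := PICKUP.search(line):
            origin[m.group(1)] = "local uid=" + m.group(2)
        elif m := SMTPD.search(line):
            origin[m.group(1)] = "smtp " + m.group(2)
        elif m := QMGR.search(line):
            qid = m.group(1)
            if qid in counted:      # deferred message re-entering the active queue
                continue
            counted.add(qid)
            src = origin.get(qid, "unknown")
            totals[src]["messages"] += 1
            totals[src]["recipients"] += int(m.group(2))
        elif m := REMOVED.search(line):
            # queue IDs can be reused once a message is removed
            origin.pop(m.group(1), None)
            counted.discard(m.group(1))
    return dict(totals)

def ranked(totals):
    """Entry points ordered by total recipients, busiest first."""
    return sorted(((k, v["messages"], v["recipients"]) for k, v in totals.items()),
                  key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for src, msgs, rcpts in ranked(summarize(SAMPLE_LOG)):
        print(f"{src:28} messages={msgs:<4} recipients={rcpts}")
```

An entry point with far more recipients than messages, submitted under the web server's uid, points at the form handler to audit.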
