I have a server running Xeams for spam filtering, and another server running Postfix 2.6.6. Both servers are on the same network behind a firewall. Haven’t had any problems until recently when Xeams tech support pointed out that my Xeams server is showing as an open relay, but my Postfix server is not. They are telling me it’s because my Postfix server config is broken by not rejecting invalid user addresses passed through from Xeams.
Sure enough, if I telnet from any machine on the same network as the Postfix server, it accepts email to any user, real or not. However, from any other machine outside that network, it rejects invalid addresses as it should. I have tried some variations with the mynetworks but that seems to break other things. I need to close this hole up. I don’t think it’s been abused as of yet, but it’s only a matter of time. Attached is the postconf -n output.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = starionhost.net
myhostname = mail.starionhost.net
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/cert.pem
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

Jeff