On 5/15/2019 11:24 AM, Peter Fraser wrote:
Hi All
We had an auditor to an internal pentest for our network. The result
for our Postfix box was (My Words) Although your SMTP server
prevents relay in some circumstances, it still allows email from an
empty domain. I am aware that the empty domain <> is needed for
bounce messages. Is there a way to prevent an initial email out form
an empty domain but still allow Postfix to use it internally for
bounce messages?
Thanks and Regards
SI
No.
This sounds as if they are complaining because you accept bounces -
"from an empty domain". This has nothing to do with open relay or
security, and is required for proper operation of any mail system.
In case I'm misunderstanding, it might be better if you explain more
fully exactly how this particular test is conducted, and what they
expect to happen. Postfix logs of the "failed" test, or an SMTP
recording would be helpful.
-- Noel Jones
