On 09.11.21 13:47, White, Daniel E. (GSFC-770.0)[NICS] wrote:
On 11/9/21, 08:20, "owner-postfix-us...@postfix.org on behalf of Matus UHLAR -
fantomas" <owner-postfix-us...@postfix.org on behalf of uh...@fantomas.sk> wrote:
so the server successfully accepted mail to remote recipient. That's called
open relay.
Note that nessus can't know if it's in server's $mynetwork.
>And from the maillog, I get this:
>
>Nov 09 12:56:44 MAIL_SERVER postfix/smtp[140754]: F077F1016F54:
> to=<foo...@foobar.org>, relay=LOCAL_MDA[aaa.bbb.ccc.ddd]:25, delay=0.12,
> delays=0.03/0.03/0.02/0.03, dsn=4.7.1, status=deferred (host
> LOCAL_MDA[aaa.bbb.ccc.ddd] said: 454 4.7.1 <foo...@foobar.org>: Relay
> access denied (in reply to RCPT TO command))
This means that the mailserver is not able to deliver the mail.
The problem described by nessus is that it is willing to deliver it.
exclude nessus's IP from $mynetworks.
Not practical. Based on the rejection log, which parameter will let postfix
reject rather than defer ?
none.
your postfix accepts the mail for relaying, which is a sign of open relay.
make postfix reject the mail from nessus at the input (smtpd), not at the
output (smtp) either by excluding nessus IP from $mynetworks or by other
measures, but those will be even less practical.
Or move nessus outside of $mynetwors.
if you are not willing to put !ne.ss.uss.ip at the beginning of $mynetworks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
