Bastian Blank-3 wrote
> On Fri, Jan 20, 2017 at 02:01:27PM -0700, Postfix User wrote:
>> check_sender_access $virtual_alias_maps,
>
> You are creating an open relay, don't do that.
Actually I am not creating an open relay, $virtual_alias_maps contains only
internal addresses. When I try s
> On Jan 21, 2017, at 07:31, Kiss Gabor (Bitman) wrote:
>
> My logs are fullfilled with this:
>
> Jan 20 20:05:26 linzer postfix/smtpd[22308]: warning: hostname
> c942452695-cloudp
> ro-214859053.cloudatcost.com does not resolve to address 167.88.40.162: Name
> or
> service not known
> Jan 2
On Sat, Jan 21, 2017 at 04:38:57AM -0700, Postfix User wrote:
> Bastian Blank-3 wrote
> > On Fri, Jan 20, 2017 at 02:01:27PM -0700, Postfix User wrote:
> >> check_sender_access $virtual_alias_maps,
> >
> > You are creating an open relay, don't do that.
>
> Actually I am not creating an o
Kiss Gabor (Bitman):
> My logs are fullfilled with this:
>
> Jan 20 20:05:26 linzer postfix/smtpd[22308]: warning: hostname
> c942452695-cloudp
> ro-214859053.cloudatcost.com does not resolve to address 167.88.40.162: Name
> or
> service not known
> Jan 20 20:05:26 linzer postfix/smtpd[22308]:
Maybe I'm blind, but I don't see any recipient restrictions at all
On January 20, 2017 5:41:29 PM EST, Postfix User wrote:
>My test procedure follows
>telnet domain.com 25
>ehlo me
>mail from:
>rcpt to:
>At this point I get "Ok" message, and I can continue writing the body
>of t
> > Is there any way to know what username was used in these attempts.
> > (An existing one every time or they are choosen from a dictionary?)
> saslauthd is likely logging failure via LOG_AUTH facility, see
> /var/log/auth.log or /var/log/secure.
Bingo! :-)
Names came from dictionary.
Thanks.
Thanks for the tips Viktor,
For some reason the order of restrictions in smtpd_relay_restrictions
(Postfix 2.11.0) was wrong. Luckily expected check_sender_access values are
not valid email addresses. After I fix both problems I will post a new
postconf -n output.
Robin
Viktor Dukhovni wrote
>
You are right, there are no recipient restrictions, except
permit_sasl_authenticated restricting remote recipients for authenticated
clients only.
--
View this message in context:
http://postfix.1071664.n5.nabble.com/Prevent-Backscatter-tp88359p88385.html
Sent from the Postfix Users mailing lis
Postfix User wrote
> After I fix both problems I will post a new postconf -n output.
I removed completely check_sender_access, it is not required anymore.
Wietse Venema wrote
> Is your server MX host for domains that are delivered to a different
> mail server?
> If not:
> Set relay_domains t
Postfix User:
> smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination
This will be an open relay if all your SMTP mail is logged with the
same client IP address, i.e. your SMTP mail comes from some box
that is in mynetworks, and Postfix never sees the
Wietse Venema wrote
> This will be an open relay if all your SMTP mail is logged with the
> same client IP address, i.e. your SMTP mail comes from some box
> that is in mynetworks, and Postfix never sees the original SMTP
> client IP address.
I can remove permit_mynetworks, but only trusted people
Wietse Venema:
> Postfix User:
> > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
> > reject_unauth_destination
>
> This will be an open relay if all your SMTP mail is logged with the
> same client IP address, i.e. your SMTP mail comes from some box
> that is in mynetwork
12 matches
Mail list logo
