More testing. There seems to be something not working with the mynetworks policy bank. If the email is from a user not in the mysql database, but still on a mynetworks address, sending to a user also not in the database, I get the Open relay.

But if the target user IS in the database, the database policy bank tags the email as ok and not an Open relay problem.

More testing is needed at some point, but at least for me, once in production, the target user of all these server emails is a registered user.

So, for now, on with other testing.



On 04/24/2017 04:40 PM, Robert Moskowitz wrote:


On 04/22/2017 01:00 AM, Benny Pedersen wrote:
Robert Moskowitz wrote on 2017-04-21 21:16:

Been doing some research.  mynetworks should stop the localhost from
seeming like an Open relay.  I don't have this problem on my old
production server.  I am researching it.

check originating policy banks in amavisd, make sure locally originated emails go into this bank in amavisd; this is important, else it would be seen as a relay host and all sorts of fake msgs :=)

and for xforward in mta as well to help solve it

i don't use amavisd anymore, so can't help more with it

I have just done more testing, and cannot get this working. I even copied exactly what I have for @mynetworks from my old system, and made the change right where the default in amavis.conf is instead of appending it to the end. No change.

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

And this server is at: 192.168.192.14/24

The old system is running: amavisd-new-2.6.4-2.el6
and the new one: amavisd-new-2.10.1-5.el7

Also BOTH .confs define policy_bank as:

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

And nowhere is MYNETS defined on either system's .conf

?  Puzzled

WAIT!!!

The old server is at:  50.253.254.3/28

and that is not EVEN in @mynetworks!

And the other servers are on 50.253.254.0/28 and they do not get the Open Relay message!

Something else is at work here...
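
An added example, not part of the original thread and not amavisd code: a Python check of which addresses mentioned in the thread fall inside the quoted @mynetworks list, including the bracketed IPv6 entries. The function names are hypothetical, and it tests list membership only, not how amavisd learns the client address.

```python
import ipaddress
import re

# The @mynetworks setting as quoted in the message above.
AMAVIS_CONF = """
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
"""

def parse_mynetworks(conf_text):
    """Return (token, network) pairs from a qw(...) @mynetworks assignment."""
    m = re.search(r"@mynetworks\s*=\s*qw\s*\((.*?)\)\s*;", conf_text, re.S)
    if not m:
        raise ValueError("no @mynetworks = qw( ... ); assignment found")
    nets = []
    for token in m.group(1).split():
        # IPv6 entries in the quoted list are written [addr] or [addr]/prefix.
        b = re.fullmatch(r"\[([^\]]+)\](?:/(\d+))?", token)
        text = token if not b else b.group(1) + ("/" + b.group(2) if b.group(2) else "")
        nets.append((token, ipaddress.ip_network(text, strict=False)))
    return nets

def matching_entry(client_ip, nets):
    """Return the first @mynetworks token containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    for token, net in nets:
        if net.version == ip.version and ip in net:
            return token
    return None

if __name__ == "__main__":
    nets = parse_mynetworks(AMAVIS_CONF)
    # Addresses taken from the thread, plus loopback for comparison.
    for label, ip in [("new server", "192.168.192.14"),
                      ("old server", "50.253.254.3"),
                      ("localhost", "127.0.0.1")]:
        print(f"{label:11} {ip:15} -> {matching_entry(ip, nets) or 'no match'}")
```
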


