Re: [expert] "Open relay" using Postfix. Need config help.

Thu, 26 Jun 2003 03:25:12 -0700 

Am Mittwoch, 25. Juni 2003 16:49 schrieb Ralph Crongeyer:

Hi Ralph,

> Hi all,
>
> I have been using postfix for about a year or so and I needed to change my
> configuration and now I can't seem to get it working the same way I had it.
>
> At the end of my /etc/postfix/main.cf file I have:
>
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> myorigin = $mydomain
> smtpd_recipient_restrictions = permit_mynetworks, check_client_access,
> hash:/etc/postfix/access, check_relay_domains
>
> and then in the /etc/postfix/access I have:
>
> 111.222.333.444       OK
> 222.333.444.555       OK
>
> and so on.
>
> But now, with this setup, anyone can send mail through? i.e. "Open Relay".

No, normaly not (if all your listed IP addresse ar static to the hosts you 
want to relay).

>
> I need it to beable to send mail for the entire domain and some clients
> outside the domain.

The entire domain is matched by the mynetwork stuff. the outsiders should use 
smtp-auth.

>
> Ralph

Don't use access-file to allow relaying unless the IP addresses you listed are 
absolute static. Use smtp auth instead. This is more flexible and users from 
dynamic IP addresses can relay through you mailserver too.

Btw: does your smtpd_recipient_restrictions relay look like the list above? 
There should be a warning or an error in the logfiles (in /var/log/mail) 
about a mistyping. Normaly smtpd_recipient_restrictions should look like this 
(there is no comma between check_client_access and the hash table) :

smtpd_recipient_restrictions =
        reject_unknown_recipient_domain
        reject_unknown_sender_domain
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        check_client_access hash:/etc/postfix/access
        reject_unauth_destination

and did you rehash the access file?

Martin
-- 
------------------------------------------------------------
H E L I X Gesellschaft f�r Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
D-60314 Frankfurt am Main           Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                [EMAIL PROTECTED]
------------------------------------------------------------

Attachment: pgp00000.pgp
Description: signature

Reply via email to