Len Conrad wrote: > >> postconf | grep percent >> allow_percent_hack = no >> >> ... set to yes. argh >> >> I know at some point I set it to "no" in my standard config file, but when >> I just checked it wasn't there. I've corrected it in my file. >> >> Everybody should check all their postfix boxes __immediately__. >> >> AOL uses the percent hack to test open relay and will block mail from your >> IP if they find it. >> >> just add the line and "postfix reload" and check it with postconf >> >> >>OK, now I'm confused. According to >>http://archives.neohapsis.com/archives/postfix/2001-08/0252.html when it is >>disabled, the relay tester will think it it an open relay even though it >>isn't--of course I could be reading this wrong. When it is enabled, the >>relay checker would think it isn't open when it actually is??? > > > Well, right in the middle of me upgrading an IMGate for client, he gets AOL > tested, = yes, and his box fails, and is now blocked. That's the > experience I'm speaking from. > > from the two instances in the postfix docs: > > > allow_percent_hack > Rewrite user%domain to [EMAIL PROTECTED] > > and > > Rewrite user%domain to [EMAIL PROTECTED] > This feature is controlled by the boolean allow_percent_hack parameter > (default: yes). Typically, this is used in order to deal with > monstrosities such as [EMAIL PROTECTED] >
Yes, I read both and they are clear as mud on what effect they have on relaying to me ;-) > ================================== > > btw, when I searched my client's maillogs for today and previous 3 days, I > saw not one instance of "CloseYourOpenRelay". WTF?? > > I know my IMGates never failed the suite of 17 open-relay-tests that orbs > or whoever used to run every few months > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 02, 2003 4:03 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: *** Server Test Results from America Online, Inc. *** > > > This is a warning message. > > You are receiving this message because this, or one of your mail > relays (see below for details) is open to third party (free) relaying > and has been abused to send unsolicited bulk email (spam) to America Online, > Inc.'s email system. > > Below, you will see output from our database indicating which tests we > performed on your system, and the time at which the last test was > performed. > > For example, if you see: > > mail from:<[EMAIL PROTECTED]> > rcpt to:<[EMAIL PROTECTED]> > > it means we were able to send a piece of email with a "from" address of > "[EMAIL PROTECTED]" through your system, back to the > email account > "[EMAIL PROTECTED]". > (The email address "[EMAIL PROTECTED]" doesn't exist -- > it's greater > than 16 characters -- but the fact that your system tried to > deliver to that > address indicates that your server is available for free relaying. We > encourage you to use this email address as a test... you will receive > undeliverable email back from AOL's Mailer-Daemon if you are open to free > relaying.) > > Here's your server data: > Date: Mon Sep 1 19:30:00 2003 > mail from: <[EMAIL PROTECTED]> > rcpt to: <[EMAIL PROTECTED]> > rcpt to: <[EMAIL PROTECTED]> > rcpt to: <[EMAIL PROTECTED]> I tried both of the above % address formats with allow_percent_hack set both ways and neither would relay mail. The @hostname gives a 'Relay access denied' message and the @ip gives a 'Recipient address rejected: Domain not found' message. Could it be that the @ip form will allow relaying if the IP address is allowed as a destination domain--mine both reject mail sent to [EMAIL PROTECTED] -- Chris Scott Host Orlando, Inc. http://www.hostorlando.com/
