I've discovered that the default Postfix install as done in openSUSE 10.2
and SLES9 provides an open relay for anyone on the same subnets
as the mail server.

This includes both the internal and external subnets.

Postfix defaults to mynetworks_style = subnet
but the fine print says that means ALL subnets to which
it has an interface.

So some of my customers run mail servers on static
IPs and these machines offer an open relay from anywhere
on the internet to any host on the same subnet as the server.

Say I have two customers with static IPs in the
 206.174.64.0/18 range...

From anywhere, I can send mail thru one of them,
(say 206.174.64.22) to any server that happens to be in
that same /18  by simply using 206.174.64.22 as my
smtp server.

Now admittedly, this isn't going to get Joe Spammer
very far but it still seems like a hole to me.

By adding the line:
mynetworks = 192.168.2.0/24, 127.0.0.0/8
you can prevent this, but YaST does not offer that as
best I can see, so you have to remember to do it
manually.

-- 
_____________________________________
John Andersen
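The following is an added audit script, not part of the original post and not Postfix's own code. It parses a main.cf fragment, applies the mynetworks_style rules (host, subnet, class) to the host's interface addresses, and reports which trusted networks are publicly routable, i.e. where the situation described above (any Internet host relaying to any host in the server's own public subnet) would apply. The main.cf fragments and the interface list are constructed samples; on a real host you would feed it the output of `postconf -n` and `ip addr` instead.

```python
import ipaddress
import re

# Constructed main.cf fragments (hypothetical, not from any real host).
MAIN_CF_DEFAULT = """\
# mynetworks_style and mynetworks left at their defaults, as in the default install
myhostname = mail.example.com
inet_interfaces = all
"""

MAIN_CF_FIXED = """\
myhostname = mail.example.com
inet_interfaces = all
mynetworks = 192.168.2.0/24,
    127.0.0.0/8
"""

# Constructed interface list (address, prefix length), as `ip addr` would report it.
INTERFACES = [("127.0.0.1", 8), ("192.168.2.5", 24), ("206.174.64.22", 18)]


def parse_main_cf(text):
    """Parse main.cf 'key = value' lines; indented lines continue the previous value."""
    params = {}
    last_key = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last_key is not None:
            params[last_key] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            continue
        last_key = key.strip()
        params[last_key] = value.strip()
    return params


def classful_network(addr):
    """Classful (A/B/C) network containing addr, for mynetworks_style = class."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def effective_mynetworks(params, interfaces):
    """Networks Postfix treats as trusted (permit_mynetworks), from main.cf plus the host's interfaces."""
    explicit = params.get("mynetworks")
    if explicit:
        return [ipaddress.ip_network(tok, strict=False)
                for tok in re.split(r"[,\s]+", explicit) if tok]
    # Postfix before 3.0 defaulted mynetworks_style to "subnet"; 3.0 and later default to "host".
    style = params.get("mynetworks_style", "subnet")
    nets = []
    for addr, plen in interfaces:
        if style == "host":
            nets.append(ipaddress.ip_network(addr))
        elif style == "subnet":
            nets.append(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
        elif style == "class":
            nets.append(classful_network(addr))
        else:
            raise ValueError(f"unknown mynetworks_style: {style}")
    return nets


def public_trusted_networks(params, interfaces):
    """Trusted networks that are publicly routable: every host in them may relay through this server."""
    return [n for n in effective_mynetworks(params, interfaces) if not n.is_private]


if __name__ == "__main__":
    for label, cf in (("default", MAIN_CF_DEFAULT), ("explicit mynetworks", MAIN_CF_FIXED)):
        exposed = public_trusted_networks(parse_main_cf(cf), INTERFACES)
        print(f"{label}: trusted public networks = {[str(n) for n in exposed] or 'none'}")
```

With the default fragment the script reports 206.174.64.0/18 as a trusted public network; with an explicit mynetworks line it reports none, which is the check worth running after a YaST-driven install.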
