Sahil Tandon:
> Jason Drage <[EMAIL PROTECTED]> wrote:
>
> > Hi All, I'm having trouble locking down relaying and I can't see what
> > I'm doing wrong.
> >
> > I'm trying to configure the server to only send mail iff:
> > 1. Sender is on mynetworks, or
> > 2. Sender is authenticated
> >
> > Everything else should be rejected but it isn't, and I can't see whats
> > wrong with my config.
>
> I just relayed mail to myself from your server. Interesting header:
>
> Received: from [10.0.1.198] (gateway [192.168.1.1])
> by mail.ibsglobalweb.com (Postfix) with ESMTP id 5D1FD8FD55
> for <[EMAIL PROTECTED]>; Thu, 7 Aug 2008 10:55:05 +1000 (EST)
>
> I can't be sure, but I suspect something is happening to packets (perhaps
> due to your firewall/NAT configuration) before they hit Postfix, such
> that it thinks all mail is arriving from 192.168.1.1. I relayed from two
> different locations and each time your system thought mail arrived from
> that same internal gateway IP.
Thus, this would close an open relay hole:
/etc/postfix/main.cf:
mynetworks = !192.168.1.1 192.168.0.0/16 127.0.0.0/8
So would replacing this piece of junk with something that doesn't
change the remote IP address.
Wietse
