Stephen Satchell via Postfix-users:
> Assuming that one's configuration has open relay, what does a log entry 
> for relayed mail look like?
> 
> I don't think I've any open relay, but I want to look and make sure.
> 
> I've searched for half an hour, and no answer came up.  But, I did find 
> some hints.  Specifically, I use this command to list all outgoing mail:
> 
> > grep relay= mail.log | grep -v relay=local

As Mathus noted, that is the remote MX host.

You are safe if

1 - You have no other rules between permit_mynetworks,
    permit_sasl_authenticated, and reject_unauth_destination.
    Examples:
 
     smtpd_relay_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

     smtpd_recipient_restrictions =
        ...other rules...
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        ...other rules...

2 - You have no wildcards in $mydestination, $virtual_alias_domains,
    or $relay_domains.

If you want to detect open relay problems after the fact from
logging, you need something like "collate.pl" (included in the
Postfix source tarball), which groups records that belong to the
same message, then delete the groups that are safe:

3 - Delete record groups with deliveries for local submissions (with
    logging from "pickup"), but this gets complicated if you use a
    "simple pipe plus sendmail" based content filter, because you should
    not delete record groups with "pickup ... uid=xxx" that match the
    content filter.

4 - Delete record groups with deliveries from authorized clients
    (logging that has "sasl_user=username").

5 - Delete record groups with deliveries to authorized destinations
    (match the domains in $mydestination, $virtual_alias_domains, or
    $relay_domains).

What remains could be unauthorized relaying.

        Wietse
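
Added example (not part of the original message, and not collate.pl itself): steps 3-5 above applied in Python to a constructed log excerpt. The function name, the authorized_domains and filter_uids parameters, and the sample log are assumptions; domains are matched exactly and queue IDs are assumed to be the default short form.

```python
import re
from collections import defaultdict

# Assumes default short queue IDs (uppercase hex), which also skips "NOQUEUE".
RECORD = re.compile(r"postfix\S*?/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
RCPT_DOMAIN = re.compile(r"\bto=<[^>@]*@([^>]+)>")
PICKUP_UID = re.compile(r"\buid=(\d+)")
# Matches the post's "sasl_user=" as well as "sasl_username=".
SASL_USER = re.compile(r"\bsasl_user(?:name)?=\S")

def possible_relaying(lines, authorized_domains, filter_uids=()):
    """Group records by queue ID; return the groups that steps 3-5 do not clear."""
    groups = defaultdict(list)
    for line in lines:
        m = RECORD.search(line)
        if m:
            groups[m.group(2)].append((m.group(1), m.group(3)))
    authorized = {d.lower() for d in authorized_domains}
    filter_uids = {str(u) for u in filter_uids}
    suspects = {}
    for qid, records in groups.items():
        domains = {d.lower() for _, text in records for d in RCPT_DOMAIN.findall(text)}
        if not domains:
            continue  # no delivery record for this queue ID in the input
        uids = {u for daemon, text in records if daemon == "pickup"
                for u in PICKUP_UID.findall(text)}
        local = bool(uids - filter_uids)                     # step 3, with its caveat
        sasl = any(SASL_USER.search(t) for _, t in records)  # step 4
        if not (local or sasl or domains <= authorized):     # step 5, exact match only
            suspects[qid] = records
    return suspects

# Constructed sample log (documentation addresses, made-up queue IDs).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/pickup[811]: 1A2B3C4D5E: uid=1000 from=<alice>
Jan 10 10:00:02 mx postfix/smtp[901]: 1A2B3C4D5E: to=<bob@example.net>, relay=mx.example.net[198.51.100.9]:25, status=sent
Jan 10 10:01:00 mx postfix/smtpd[820]: 2B3C4D5E6F: client=host[203.0.113.5], sasl_method=PLAIN, sasl_username=carol
Jan 10 10:01:01 mx postfix/smtp[901]: 2B3C4D5E6F: to=<dave@example.org>, relay=mx.example.org[198.51.100.20]:25, status=sent
Jan 10 10:02:00 mx postfix/smtpd[820]: 3C4D5E6F70: client=unknown[203.0.113.77]
Jan 10 10:02:01 mx postfix/local[905]: 3C4D5E6F70: to=<erin@example.com>, relay=local, status=sent
Jan 10 10:03:00 mx postfix/smtpd[820]: 4D5E6F7081: client=unknown[203.0.113.77]
Jan 10 10:03:01 mx postfix/smtp[901]: 4D5E6F7081: to=<frank@example.net>, relay=mx.example.net[198.51.100.9]:25, status=sent
Jan 10 10:04:00 mx postfix/pickup[811]: 5E6F708192: uid=1001 from=<grace@example.org>
Jan 10 10:04:01 mx postfix/smtp[901]: 5E6F708192: to=<heidi@example.net>, relay=mx.example.net[198.51.100.9]:25, status=sent
"""

if __name__ == "__main__":
    hits = possible_relaying(SAMPLE_LOG.splitlines(), {"example.com"}, filter_uids={1001})
    for qid, records in hits.items():
        print(qid, *(f"\n    {daemon}: {text}" for daemon, text in records))
```

Pass the domains from $mydestination, $virtual_alias_domains and $relay_domains as authorized_domains, and the content filter's uid (if any) as filter_uids; whatever is returned still needs a manual look.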