Stephen Satchell via Postfix-users:
> Assuming that one's configuration has open relay, what does a log entry
> for relayed mail look like?
>
> I don't think I've any open relay, but I want to look and make sure.
>
> I've searched for half an hour, and no answer came up. But, I did find
> some hints. Specifically, I use this command to list all outgoing mail:
>
> > grep relay= mail.log | grep -v relay=local

As Mathus noted, that is the remote MX host.

You are safe if

1 - You have no other rules between permit_mynetworks,
    permit_sasl_authenticated, and reject_unauth_destination. Examples:

    smtpd_relay_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

    smtpd_recipient_restrictions =
        ...other rules...
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        ...other rules...

2 - You have no wildcards in $mydestination, $virtual_alias_domains,
    or $relay_domains.

If you want to detect open relay problems after the fact from logging,
you need something like "collate.pl" (included in the Postfix source
tarball), which groups records that belong to the same message, then
delete the groups that are safe:

3 - Delete record groups with deliveries for local submissions (with
    logging from the "pickup") but this gets complicated if you use
    a "simple pipe plus sendmail" based content filter because you
    should not delete record groups with "pickup ... uid=xxx" that
    match the content filter.

4 - Delete record groups with deliveries from authorized clients
    (logging that has "sasl_user=username").

5 - Delete record groups with deliveries to authorized destinations
    (match the domains in $mydestination, $virtual_alias_domains, or
    $relay_domains).

What remains could be unauthorized relaying.

        Wietse
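
The after-the-fact log check from steps 3 to 5 of the message above, as an added Python example that is not part of the original post or of Postfix. It is a simplified stand-in for collate.pl; the sample log, the function names and the filter_uids parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (hosts, users and queue IDs are made up for this example).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/pickup[811]: A1B2C3D4E5: uid=1000 from=<alice>
Jan 10 10:00:02 mx postfix/smtp[813]: A1B2C3D4E5: to=<bob@remote.example>, relay=mx.remote.example[203.0.113.5]:25, status=sent (250 ok)
Jan 10 10:05:01 mx postfix/smtpd[820]: B2C3D4E5F6: client=laptop.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=carol
Jan 10 10:05:02 mx postfix/smtp[821]: B2C3D4E5F6: to=<dave@remote.example>, relay=mx.remote.example[203.0.113.5]:25, status=sent (250 ok)
Jan 10 10:10:01 mx postfix/smtpd[830]: C3D4E5F6A7: client=mail.remote.example[203.0.113.9]
Jan 10 10:10:02 mx postfix/local[831]: C3D4E5F6A7: to=<alice@example.org>, relay=local, status=sent (delivered to mailbox)
Jan 10 10:15:01 mx postfix/smtpd[840]: D4E5F6A7B8: client=unknown[192.0.2.66]
Jan 10 10:15:02 mx postfix/smtp[841]: D4E5F6A7B8: to=<erin@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.20]:25, status=sent (250 ok)
Jan 10 10:20:01 mx postfix/pickup[811]: E5F6A7B8C9: uid=999 from=<frank@sender.example>
Jan 10 10:20:02 mx postfix/smtp[851]: E5F6A7B8C9: to=<gina@elsewhere.example>, relay=mx.elsewhere.example[203.0.113.20]:25, status=sent (250 ok)
"""

# Matches short (hexadecimal) queue IDs only; long queue IDs need a wider pattern.
RECORD = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
RCPT_DOMAIN = re.compile(r"\bto=<[^>@]*@([^>]+)>")  # \b keeps orig_to= out

def collate(log):
    """Group (daemon, text) records by queue ID, so each group is one message."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = RECORD.search(line)
        if m:
            groups[m.group(2)].append((m.group(1), m.group(3)))
    return groups

def possible_relaying(log, own_domains, filter_uids=()):
    """Return {queue_id: [outside recipient domains]} left after steps 3-5."""
    own = {d.lower() for d in own_domains}
    left = {}
    for qid, recs in collate(log).items():
        # Step 3: local submission, unless the uid (a string) is the content filter's.
        uids = [m.group(1) for d, t in recs if d == "pickup" and (m := re.match(r"uid=(\d+)", t))]
        if any(u not in filter_uids for u in uids):
            continue
        # Step 4: SASL-authenticated client (Postfix logs the field as sasl_username=).
        if any(re.search(r"\bsasl_user(name)?=", t) for _, t in recs):
            continue
        # Step 5: drop recipients in domains this server is responsible for.
        outside = sorted({dom.lower() for _, t in recs for dom in RCPT_DOMAIN.findall(t)} - own)
        if outside:
            left[qid] = outside
    return left

if __name__ == "__main__":
    print(possible_relaying(SAMPLE_LOG, {"example.org"}, filter_uids={"999"}))
```

Pass the domains from $mydestination, $virtual_alias_domains and $relay_domains as own_domains. A message with both local and outside recipients stays in the result, listed with its outside domains only.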