On Thu, 6 Dec 2012 20:32:17 -0600 /dev/rob0 <r...@gmx.co.uk> wrote: > On Fri, Dec 07, 2012 at 01:23:21AM +0100, Titanus Eramius wrote: > > My highest concern is to setup an open relay by accident, so > > in the process I've used an online anti-spam tester several > > times: http://www.antispam-ufrj.pads.ufrj.br/test-relay.html > > That need not be your highest concern.
Thanks for the reply. I am not sure I follow here, could you please elaborate a bit? ... > Your munging makes it hard to say for sure, but I'm going to go out > on a limb and venture a guess that you host "my_domain.tld" on this > Postfix. > > That's not what "relaying" means. That's "accepting for delivery." > "Relaying" means taking mail for some OTHER site and sending it on > for the client. > > What exactly are you trying to prevent here? ... > So? Your telnet was to port 25. Yes, sorry about the munging and the inconsistency, I'm not sure why I did that. I see your point about submission and port 25, and I guess I still have some learning to do. Thanks for the pointer. In that light I realize my question is wrong, and I hope instead the following example might help to show what I mean. The example is without munging, and Postfix accepts a mail through telnet, and locally hands it over to Dovecot, which in turn delivers the mail. The delivery address exists on the server, and if it doesn't, then Postfix says "Recipient address rejected: User unknown in virtual mailbox table" just as it says "Relay access denied" if I try to relay mail through Postfix. $ dig nt-data.dk mx ;; ANSWER SECTION: nt-data.dk. 5860 IN MX 10 mx01.nt-data.dk. ... mx01.nt-data.dk. 5860 IN A 94.247.168.138 ... titanus@asrock:~$ telnet 94.247.168.138 25 Trying 94.247.168.138... Connected to 94.247.168.138. Escape character is '^]'. 220 ntdata.nt-data.dk ESMTP Postfix EHLO fake 250-ntdata.nt-data.dk 250-PIPELINING 250-SIZE 10240000 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM:s...@veryfakeaddress548562.tld 250 2.1.0 Ok RCPT TO:m...@nt-data.dk 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> content here . 250 2.0.0 Ok: queued as EDB151746A80 quit 221 2.0.0 Bye Connection closed by foreign host. The maillog on the server looks like this: titanus@ntdata:~$ sudo cat /var/log/mail.log | grep "EDB151746A80" Dec 7 17:51:38 ntdata postfix/smtpd[26112]: EDB151746A80: client=unknown[92.243.255.38] Dec 7 17:51:51 ntdata postfix/cleanup[26118]: EDB151746A80: message-id=<> Dec 7 17:51:51 ntdata postfix/qmgr[3981]: EDB151746A80: from=<SRS0=QfAL=KB=veryfakeaddress548562.tld=s...@nt-data.dk>, size=396, nrcpt=1 (queue active) Dec 7 17:51:51 ntdata postfix/pipe[26119]: EDB151746A80: to=<m...@nt-data.dk>, relay=dovecot, delay=36, delays=36/0.01/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service) Dec 7 17:51:51 ntdata postfix/qmgr[3981]: EDB151746A80: removed If at all possible, I would like the system not to accept the mail. Cheers
