Re: Prevent Backscatter

Wietse Venema: > Postfix User: > > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, > > reject_unauth_destination > > This will be an open relay if all your SMTP mail is logged with the > same client IP address, i.e. your SMTP mail comes from some box > that is in

Re: Prevent Backscatter

Wietse Venema wrote > This will be an open relay if all your SMTP mail is logged with the > same client IP address, i.e. your SMTP mail comes from some box > that is in mynetworks, and Postfix never sees the original SMTP > client IP address. I can remove permit_mynetworks, but only trusted

Re: Prevent Backscatter

Postfix User: > smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination This will be an open relay if all your SMTP mail is logged with the same client IP address, i.e. your SMTP mail comes from some box that is in mynetworks, and Postfix never sees

Re: Prevent Backscatter

Postfix User wrote > After I fix both problems I will post a new postconf -n output. I removed completely check_sender_access, it is not required anymore. Wietse Venema wrote > Is your server MX host for domains that are delivered to a different > mail server? > If not: > Set relay_domains

Re: Prevent Backscatter

You are right, there are no recipient restrictions, except permit_sasl_authenticated restricting remote recipients for authenticated clients only. -- View this message in context: http://postfix.1071664.n5.nabble.com/Prevent-Backscatter-tp88359p88385.html Sent from the Postfix Users mailing

Re: Prevent Backscatter

Thanks for the tips Viktor, For some reason the order of restrictions in smtpd_relay_restrictions (Postfix 2.11.0) was wrong. Luckily expected check_sender_access values are not valid email addresses. After I fix both problems I will post a new postconf -n output. Robin Viktor Dukhovni wrote >

Re: [postfix-users] logging username

> > Is there any way to know what username was used in these attempts. > > (An existing one every time or they are choosen from a dictionary?) > saslauthd is likely logging failure via LOG_AUTH facility, see > /var/log/auth.log or /var/log/secure. Bingo! :-) Names came from dictionary. Thanks.

Re: Prevent Backscatter

Maybe I'm blind, but I don't see any recipient restrictions at all On January 20, 2017 5:41:29 PM EST, Postfix User wrote: >My test procedure follows >telnet domain.com 25 >ehlo me >mail from: >rcpt to: >At this point I

Re: logging username

Kiss Gabor (Bitman): > My logs are fullfilled with this: > > Jan 20 20:05:26 linzer postfix/smtpd[22308]: warning: hostname > c942452695-cloudp > ro-214859053.cloudatcost.com does not resolve to address 167.88.40.162: Name > or > service not known > Jan 20 20:05:26 linzer postfix/smtpd[22308]:

Re: Prevent Backscatter

On Sat, Jan 21, 2017 at 04:38:57AM -0700, Postfix User wrote: > Bastian Blank-3 wrote > > On Fri, Jan 20, 2017 at 02:01:27PM -0700, Postfix User wrote: > >> check_sender_access $virtual_alias_maps, > > > > You are creating an open relay, don't do that. > > Actually I am not creating an

Re: logging username

> On Jan 21, 2017, at 07:31, Kiss Gabor (Bitman) wrote: > > My logs are fullfilled with this: > > Jan 20 20:05:26 linzer postfix/smtpd[22308]: warning: hostname > c942452695-cloudp > ro-214859053.cloudatcost.com does not resolve to address 167.88.40.162: Name > or >

Re: Prevent Backscatter

Bastian Blank-3 wrote > On Fri, Jan 20, 2017 at 02:01:27PM -0700, Postfix User wrote: >> check_sender_access $virtual_alias_maps, > > You are creating an open relay, don't do that. Actually I am not creating an open relay, $virtual_alias_maps contains only internal addresses. When I try