My SuSE-Email-Server-II works as an open relay server
Hello all,

my SuSE-Email-Server-II works as an open relay server and I'm not able to solve the problem. Here is the output from postconf -n:

____________________
gw0324:~ # postconf -n
alias_database = hash:/etc/aliases, hash:/home/mailman/bin/aliases
alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldapml, hash:/home/mailman/bin/aliases
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 1
default_privs = cyrus
defer_transports =
disable_dns_lookups = no
local_destination_concurrency_limit = 2
mail_name = Postfix on SuSE eMail Server 2.0
mailbox_transport = procmail
maps_rbl_domains = relays.ordb.org
masquerade_domains = $domain
masquerade_exceptions = root
maximal_queue_lifetime = 1
maximal_queue_lifetime = 1
mydestination = $mydomain, $myhostname, localhost.$mydomain, pame.org, ginni.de, hotel-tsapakis.de, mahling.net, projekt-pame.de, adv-nrw.de, lebens-werkstatt.net, sfe-kevelaer.de
myhostname = gw0324.klaus-mahling.de
mynetworks = 212.185.26.71/255.255.255.0
myorigin = $mydomain
program_directory = /usr/lib/postfix
recipient_delimiter = +
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sender_canonical_maps = ldap:ldapcanonical
smtpd_recipient_restrictions = reject_maps_rbl, ldap:ldapmailenab, check_relay_ccerts, permit_mynetworks, check_relay_domains, ldap:ldapmlgrp
smtpd_sender_restrictions = hash:/etc/postfix/access
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual
_____________________

Any ideas?

--
THX
Klaus Mahling
mailto:admin@klaus-mahling.de

smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    check_helo_access hash:/etc/postfix/access,
    check_sender_access hash:/etc/postfix/access,
    check_recipient_access hash:/etc/postfix/access,
    check_relay_domains

narf.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

Hey Klaus, hi Kurt,

> smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, check_helo_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, check_recipient_access hash:/etc/postfix/access, check_relay_domains
>
> narf.

It seems there is more involved here: There seems to be some kind of story in the background. Klaus, could you please send your complete main.cf to security@suse.de?

Thanks!
Roman.

> Kurt Seifried, kurt@seifried.org
> A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
> http://www.seifried.org/security/
----- Original Message -----
From: "Klaus Mahling"
To:
Sent: Sunday, October 21, 2001 5:38 AM
Subject: [suse-security] My SuSE-Email-Server-II works as an open relay server
--
Roman Drahtmüller

Roman Drahtmueller wrote:

> It seems there is more involved here: There seems to be some kind of story in the background. Klaus, could you please send your complete main.cf to security@suse.de? Thanks!

I saw it on another SuSE email server that he was an open relay, so maybe it would be nice to know what exactly the problem was .. or not? ;)

thanks

--
intraDAT AG                      http://www.intradat.com
Wilhelm-Leuschner-Strasse 7      Tel: +49 69-25629-0
D - 60329 Frankfurt am Main      Fax: +49 69-25629-256

Sven Michels wrote:

> Roman Drahtmueller wrote:
>
> > It seems there is more involved here: There seems to be some kind of story in the background. Klaus, could you please send your complete main.cf to security@suse.de? Thanks!
>
> I saw it on another SuSE email server that he was an open relay, so maybe it would be nice to know what exactly the problem was .. or not? ;)
>
> thanks

In my case it was a commented out mynetworks=

Here are some lines of a (hopefully) correct main.cf which has enough restrictions to not allow relaying:

# add static ip-addresses from your known customers
mynetworks= 127.0.0.0/8
smtpd_client_restrictions= permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_maps_rbl, reject_unauth_pipelining
smtpd_sender_restrictions= permit_mynetworks, hash:/etc/postfix/access, reject_unknown_sender_domain, reject_maps_rbl
smtpd_recipient_restrictions= ldap:ldapmailenab, permit_mynetworks, check_relay_ccerts, permit_mynetworks, check_relay_domains

What I am still trying to figure out is how pop_before_smtp via dracd is implemented in SuSE Email Server II and whether the mynetworks= directive is still needed then. Documentation of SuSE Email Server could be better imho :-)

HTH,
Erwin Zierler

participants (5): Erwin Zierler - stubainet.at, Klaus Mahling, Kurt Seifried, Roman Drahtmueller, Sven Michels
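
Added example (not written by any poster in this thread, and not SuSE or Postfix code): a small audit of the two settings the thread keeps returning to, mynetworks and the order of smtpd_recipient_restrictions. It lists every restriction that can answer OK before the relay check is reached, and how many addresses each mynetworks entry trusts. The function names are hypothetical, the choice of which restrictions count as the relay check is an assumption, and so is reading the dotted netmask the way Python's ipaddress module does.

```python
import ipaddress
import re

# Assumption: these are the restrictions that refuse mail for foreign destinations.
RELAY_GATES = {"check_relay_domains", "reject_unauth_destination", "reject"}

# Relay-relevant lines from the postconf -n output posted at the top of the thread.
SAMPLE = """\
mynetworks = 212.185.26.71/255.255.255.0
smtpd_recipient_restrictions = reject_maps_rbl, ldap:ldapmailenab, check_relay_ccerts, permit_mynetworks, check_relay_domains, ldap:ldapmlgrp
"""

def parse_postconf(text):
    """Turn 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def split_restrictions(value):
    """Split a restriction list, keeping 'check_*_access type:map' as one item."""
    items = []
    for word in re.split(r"[,\s]+", value.strip()):
        if not word:
            continue
        if items and items[-1].endswith("_access") and " " not in items[-1]:
            items[-1] += " " + word  # map argument of the preceding check
        else:
            items.append(word)
    return items

def permits_before_relay_gate(conf):
    """Items that can answer OK before the relay check; None if no check exists."""
    items = split_restrictions(conf.get("smtpd_recipient_restrictions", ""))
    gate = next((i for i, r in enumerate(items) if r in RELAY_GATES), None)
    if gate is None:
        return None
    return [r for r in items[:gate] if r.startswith(("permit", "check_")) or ":" in r]

def trusted_networks(conf):
    """(entry, network, address count) per mynetworks entry, host bits masked off.
    Assumption: the mask is applied the way Python's ipaddress module applies it."""
    out = []
    for entry in re.split(r"[,\s]+", conf.get("mynetworks", "")):
        if entry:
            net = ipaddress.ip_network(entry, strict=False)
            out.append((entry, str(net), net.num_addresses))
    return out
```

An empty list from trusted_networks means mynetworks is not set in main.cf, the case Erwin describes; Postfix then falls back to its built-in default, which `postconf -d mynetworks` shows.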