Hey Klaus, hi Kurt,

smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/ postfix/access, check_helo_access hash:/etc/postfix/access, check_sender_access hash:/etc/postfix/access, check_recipient_access hash:/etc/postfix/access, check _relay_domains

narf.

It seems there is more involved here: The seems to be some kind of story in the background. Klaus, could you please send your complete main.cf to security@suse.de? Thanks! Roman.

Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/

----- Original Message ----- From: "Klaus Mahling" To: Sent: Sunday, October 21, 2001 5:38 AM Subject: [suse-security] My SuSE-Email-Server-II works as an open relay server

...

Hello all, my SuSE-Email-Server-II works as an open relay server and i'm not able to solve the problem. Here is the output from postconf -n : ____________________ gw0324:~ # postconf -n alias_database = hash:/etc/aliases, hash:/home/mailman/bin/aliases alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldapml, hash:/home/mailman/bin/aliases canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin daemon_directory = /usr/lib/postfix debug_peer_level = 2 default_destination_concurrency_limit = 1 default_privs = cyrus defer_transports = disable_dns_lookups = no local_destination_concurrency_limit = 2 mail_name = Postfix on SuSE eMail Server 2.0 mailbox_transport = procmail maps_rbl_domains = relays.ordb.org masquerade_domains = $domain masquerade_exceptions = root maximal_queue_lifetime = 1 maximal_queue_lifetime = 1 mydestination = $mydomain, $myhostname, localhost.$mydomain, pame.org, ginni.de, hotel-tsapakis.de, mahling.net, projekt-pame.de, adv-nrw.de, lebens-werkstatt.net, sfe-kevelaer.de myhostname = gw0324.klaus-mahling.de mynetworks = 212.185.26.71/255.255.255.0 myorigin = $mydomain program_directory = /usr/lib/postfix recipient_delimiter = + relayhost = relocated_maps = hash:/etc/postfix/relocated sender_canonical_maps = ldap:ldapcanonical smtpd_recipient_restrictions = reject_maps_rbl, ldap:ldapmailenab, check_relay_ccerts, permit_mynetworks, check_ relay_domains, ldap:ldapmlgrp smtpd_sender_restrictions = hash:/etc/postfix/access transport_maps = hash:/etc/postfix/transport virtual_maps = hash:/etc/postfix/virtual _____________________

Any ideas ?

-- THX Klaus Mahling mailto:admin@klaus-mahling.de

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -

Sven Michels wrote:

Roman Drahtmueller wrote:

...

It seems there is more involved here: The seems to be some kind of story in the background. Klaus, could you please send your complete main.cf to security@suse.de? Thanks!

i saw it on another suse emailserver that he was an open relay, so maybe it would be nice to know what exaclty the problem was .. or not?;)

thanks

In my case it was a commented out mynetworks= Here are some lines of a (hopefully) correct main.cf which has enough resctrictions to now allow relaying: mynetworks= 127.0.0.0/8 <--- add static ip-addresses from your known customers smtpd_client_restrictions= permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_maps_rbl, reject_unauth_pipelining smtpd_sender_restrictions= permit_mynetworks, hash:/etc/postfix/access, reject_unknown_sender_domain, reject_maps_rbl smtpd_recipient_restrictions= ldap:ldapmailenab, permit_mynetworks, check_relay_ccerts, permit_mynetworks, check_relay_domains What I am still trying to figure out is how pop_before_smtp via dracd is implemented in SuSE Email Server II and whether the mynetwors= directive is still needed then. Documentation of SuSE Email Server could be better imho :-) HTH, Erwin Zierler