Re: [SLE] Stopping open mail relay in SuSE standard server.

newer
Re: [SLE] gaim-80

older
[Fwd: Damien X. Selles/SXB/Effem...

James Knott

25 Jul 2004 25 Jul '04

01:12

Bruce Marshall wrote:

...

On Saturday 24 July 2004 03:53 pm, James Knott wrote:

...
Bruce Marshall wrote:

...
On Saturday 24 July 2004 03:15 pm, James Knott wrote:

...
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.

Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.

How would incoming mail get to the server, if port 25 isn't open? There is a firewall ahead of the server, with port 25 forwarded to the server.

You didn't mention you were running your own incoming mail server. Are you?

Most people bring in mail using pop3 or such with fetchmail. If you're running your own mx, then you should (IMHO) know how to set postfix to not be a relay. (I don't know since I don't run my own incoming smtp)

I'm trying to set up a mail server for a small company. According to the O'Reilly Postfix book, it is already configured to not relay, but it apparently is relaying. At the moment, I'm just going by what the status displays show, as the server is about 25 miles away and only physically accessable during business hours. I plan to go in and verify what's happening, with ethereal.

Show replies by date

Anders Johansson

25 Jul 25 Jul

01:21

New subject: [SLE] Stopping open mail relay in SuSE standard server.

On Sat, 2004-07-24 at 21:12 -0400, James Knott wrote:

...

Bruce Marshall wrote:

...
On Saturday 24 July 2004 03:53 pm, James Knott wrote:

...
Bruce Marshall wrote:

...
On Saturday 24 July 2004 03:15 pm, James Knott wrote:

...
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.

Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.

How would incoming mail get to the server, if port 25 isn't open? There is a firewall ahead of the server, with port 25 forwarded to the server.

You didn't mention you were running your own incoming mail server. Are you?

Most people bring in mail using pop3 or such with fetchmail. If you're running your own mx, then you should (IMHO) know how to set postfix to not be a relay. (I don't know since I don't run my own incoming smtp)

I'm trying to set up a mail server for a small company. According to the O'Reilly Postfix book, it is already configured to not relay,

A book can't read your current config. And come to think of it, neither can we unless you post it. That might help in putting you on the right track

...

but it apparently is relaying. At the moment, I'm just going by what the status displays show,

look at /var/log/mail instead, that tells you what the mail server is doing

...

as the server is about 25 miles away and only physically accessable during business hours. I plan to go in and verify what's happening, with ethereal.

the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything. grep -v ^# /etc/postfix/main.cf and post the output

James Knott

01:46

New subject: [SLE] Stopping open mail relay in SuSE standard server.

Anders Johansson wrote:

...

the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

queue_directory= /var/spool/postfix command_directory= /usr/sbin daemon_directory= /usr/lib/postfix mail_owner= postfix debug_peer_level= 2 debugger_command= PATH=/usr/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path= /usr/sbin/sendmail newaliases_path= /usr/sbin/sendmail mailq_path= /usr/bin/mailq setgid_group= maildrop manpage_directory= /usr/share/man sample_directory= /usr/share/doc/packages/postfix/samples readme_directory= /usr/share/doc/packages/postfix/README_FILES mail_spool_directory= /var/mail canonical_maps= hash:/etc/postfix/canonical virtual_maps= ldap:ldapvuser,hash:/etc/postfix/virtual relocated_maps= hash:/etc/postfix/relocated transport_maps= hash:/etc/postfix/transport,ldap:ldaptransport sender_canonical_maps= hash:/etc/postfix/sender_canonical masquerade_exceptions= root masquerade_classes= envelope_sender, header_sender, header_recipient myhostname= mail.destinywellness.com inet_interfaces= all masquerade_domains= $mydomain mydestination= $myhostname localhost.$mydomain $mydomain mailtest.destinywellness.com defer_transports= disable_dns_lookups= no relayhost= content_filter= mailbox_command= mailbox_transport= lmtp:unix:public/lmtp smtpd_sender_restrictions= hash:/etc/postfix/access smtpd_client_restrictions= smtpd_helo_required= no smtpd_helo_restrictions= strict_rfc821_envelopes= no smtpd_recipient_restrictions= permit_mynetworks, reject_unauth_destination alias_maps= hash:/etc/aliases,hash:/etc/aliases.d/slots,ldap:ldapaliases alias_database= hash:/etc/aliases,hash:/etc/aliases.d/slots local_destination_concurrency_limit= 10 mailbox_size_limit= 0 message_size_limit= 30000000 mynetwork= 127.0.0.0/8, 192.168.1.0/255.255.255.0 myorigin= $mydomain recipient_delimiter= + relay_clientcerts= ldap:ldaprelcert smtpd_tls_CAfile= /etc/ssl/CA/usedCA.pem smtpd_tls_ask_ccert= yes smtpd_tls_cert_file= /etc/ssl/certs/cert.pem smtpd_tls_key_file= /etc/ssl/certs/skey.pem smtpd_tls_received_header= yes smtpd_use_tls= yes tls_daemon_random_source= dev:/dev/urandom tls_random_source= dev:/dev/urandom ldapaliases_server_host= localhost ldapaliases_server_port= 389 ldapaliases_bind= no ldapaliases_timeout= 20 ldapaliases_search_base= dc=destinywellness,dc=com ldapaliases_query_filter= (|(alias=%s)(&(fn=%s)(objectclass=SuSEIMAPFolderObject))) ldapaliases_result_attribute= uid,mailDeliveryProgram,deliverToUID ldapaliases_scope= one ldapvuser_server_host= localhost ldapvuser_server_port= 389 ldapvuser_bind= no ldapvuser_timeout= 20 ldapvuser_search_base= dc=destinywellness,dc=com ldapvuser_query_filter= (|(&(objectclass=SuSEVirtUserObject)(vaddress=%s))(&(objectclass=dNSZone)(relativeDomainName=@)(zoneName=%s)(MTALocaldomain=%s))) ldapvuser_result_attribute= uid,MTALocaldomain ldapvuser_scope= sub ldapmailenab_server_host= localhost ldapmailenab_server_port= 389 ldapmailenab_bind= no ldapmailenab_timeout= 20 ldapmailenab_search_base= dc=destinywellness,dc=com ldapmailenab_query_filter= (reject=%s) ldapmailenab_result_attribute= mailenabled ldapmailenab_scope= one ldaprelcert_server_host= localhost ldaprelcert_server_port= 389 ldaprelcert_bind= no ldaprelcert_timeout= 20 ldaprelcert_search_base= dc=destinywellness,dc=com ldaprelcert_query_filter= (relayClientcert=%s) ldaprelcert_result_attribute= uid ldaprelcert_scope= one ldaptransport_server_host= localhost ldaptransport_server_port= 389 ldaptransport_bind= no ldaptransport_timeout= 20 ldaptransport_search_base= ou=MailTransports,dc=destinywellness,dc=com ldaptransport_query_filter= (&(objectclass=SuSEMailTransportObject)(smtpDomain=%s)) ldaptransport_result_attribute= smtpDomainTransportNexthop ldaptransport_scope= one ldapvdom_server_host= localhost ldapvdom_server_port= 389 ldapvdom_bind= no ldapvdom_timeout= 20 ldapvdom_search_base= o=DNS,dc=destinywellness,dc=com ldapvdom_query_filter= (&(objectclass=dNSZone)(relativeDomainName=@)(zoneName=%s)(MTALocaldomain=true)) ldapvdom_result_attribute= zoneName ldapvdom_scope= sub

James Knott

01:55

New subject: [SLE] Stopping open mail relay in SuSE standard server.

Anders Johansson wrote:

...

On Sat, 2004-07-24 at 21:12 -0400, James Knott wrote:

...
Bruce Marshall wrote:

...
On Saturday 24 July 2004 03:53 pm, James Knott wrote:

...
Bruce Marshall wrote:

...
On Saturday 24 July 2004 03:15 pm, James Knott wrote:

...
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.

Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.

How would incoming mail get to the server, if port 25 isn't open? There is a firewall ahead of the server, with port 25 forwarded to the server.

You didn't mention you were running your own incoming mail server. Are you?

Most people bring in mail using pop3 or such with fetchmail. If you're running your own mx, then you should (IMHO) know how to set postfix to not be a relay. (I don't know since I don't run my own incoming smtp)

I'm trying to set up a mail server for a small company. According to the O'Reilly Postfix book, it is already configured to not relay,

A book can't read your current config. And come to think of it, neither can we unless you post it. That might help in putting you on the right track

...
but it apparently is relaying. At the moment, I'm just going by what the status displays show,

look at /var/log/mail instead, that tells you what the mail server is doing

...
as the server is about 25 miles away and only physically accessable during business hours. I plan to go in and verify what's happening, with ethereal.

the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

Here's a chunk of the log Jul 24 14:51:58 mail postfix/qmgr[829]: 3278B213E: from=, size=1514, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 351DE1F95: from=, size=1860, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 365581F42: from=, size=1501, nrcpt=1 (queue act ive) Jul 24 14:51:58 mail postfix/qmgr[829]: 378D62069: from=, size=2018, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 382CE1ECA: from=, size=1566, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3A568210F: from=, size=1644, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3B03E2139: from=, size=1606, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3C20B2202: from=, size=1625, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3D9FE1F59: from=, size=1501, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3DD6C20BC: from=, size=1892, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3E55621C1: from=, size=1587, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3EE0D200B: from=, size=1822, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3E2272036: from=, size=1888, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3FF3E1FF7: from=, size=1832, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3FF7E20D4: from=, size=1954, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 3F234229C: from=, size=1629, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 402E72079: from=, size=1585, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 409DD208A: from=, size=1885, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 404E21DB2: from=, size=1999, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 415F2211A: from=, size=1652, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 422711F5D: from=, size=1502, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 425A31F2C: from=, size=1551, nrcpt=1 (queue active ) Jul 24 14:51:58 mail postfix/qmgr[829]: 43371211F: from=, size=1800, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 445062082: from=, size=1897, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 46D541E9B: from=, size=1586, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 4618221B2: from=, size=1563, nrcpt=1 (queue active) Jul 24 14:51:58 mail postfix/qmgr[829]: 479C62126: from=, size=1576, nrcpt=1 (queue active)

Faber Fedor

02:29

New subject: Stopping open mail relay in SuSE standard server.

On 24/07/04 21:55 -0400, James Knott wrote:

...

Here's a chunk of the log

Jul 24 14:51:58 mail postfix/qmgr[829]: 3278B213E: from=, size=1514, nrcpt=1 (queue active)

<snip> All this shows is that you're recieving emails. To be a relay, these emails MUST be going to an address outside of the domain(s) that Postfix is responsible for. Is that so? We need to see the from *and* to for the same message ID to verify that it is relaying. -- Regards, Faber Linux New Jersey: Open Source Solutions for New Jersey http://www.linuxnj.com

James Knott

03:02

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Faber Fedor wrote:

...

On 24/07/04 21:55 -0400, James Knott wrote:

...
Here's a chunk of the log

Jul 24 14:51:58 mail postfix/qmgr[829]: 3278B213E: from=, size=1514, nrcpt=1 (queue active)

<snip>

All this shows is that you're recieving emails. To be a relay, these emails MUST be going to an address outside of the domain(s) that Postfix is responsible for. Is that so?

We need to see the from *and* to for the same message ID to verify that it is relaying.

Such as 953752177? Jul 24 21:00:26 mail postfix/cleanup[12164]: 953752177: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:26 mail postfix/qmgr[12619]: 953752177: from=, size=1213, nrcpt=1 (queue active Jul 24 21:00:27 mail postfix/smtpd[9673]: 1ACA0217A: client=SGS.DESTINYFIN.com[192.168.1.1] Jul 24 21:00:27 mail postfix/pickup[11796]: 1CAC22183: uid=65534 from= Jul 24 21:00:27 mail postfix/cleanup[12164]: 1CAC22183: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:27 mail postfix/pipe[12703]: 953752177: to=, relay=procmail, delay=5, status=sent (spamfiltr)

Louis Richards

06:20

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

http://www.abuse.net/relay.html Use the above address as an initial test for relay. It's easy. Let us know the results and we can go from there. Louis

James Knott

13:01

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Louis Richards wrote:

...

http://www.abuse.net/relay.html

Use the above address as an initial test for relay. It's easy. Let us know the results and we can go from there.

Louis

I have already run their anonymous test, and it said the server was accepting their messages. When I tried to register for the registered user mode, my e-mail was rejected.

Carlos E. R.

26 Jul 26 Jul

00:15

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

The Saturday 2004-07-24 at 23:02 -0400, James Knott wrote:

...

Such as 953752177?

Jul 24 21:00:26 mail postfix/cleanup[12164]: 953752177: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:26 mail postfix/qmgr[12619]: 953752177: from=, size=1213, nrcpt=1 (queue active

(the above log line is incomplete)

...

Jul 24 21:00:27 mail postfix/smtpd[9673]: 1ACA0217A: client=SGS.DESTINYFIN.com[192.168.1.1] Jul 24 21:00:27 mail postfix/pickup[11796]: 1CAC22183: uid=65534 from= Jul 24 21:00:27 mail postfix/cleanup[12164]: 1CAC22183: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:27 mail postfix/pipe[12703]: 953752177: to=, relay=procmail, delay=5, status=sent (spamfiltr)

Er... The log is incomplete for my liking, but if email is coming on 192.168.1.1 interface, it thinks that it comes from the local network, ie, the intranet, so it allows relying for it: mynetwork= 127.0.0.0/8, 192.168.1.0/255.255.255.0 More information is needed. What interfaces do you have? Is indeed external mail coming in on that interface? -- Cheers, Carlos Robinson

James Knott

01:26

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Carlos E. R. wrote:

...

The Saturday 2004-07-24 at 23:02 -0400, James Knott wrote:

...
Such as 953752177?

Jul 24 21:00:26 mail postfix/cleanup[12164]: 953752177: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:26 mail postfix/qmgr[12619]: 953752177: from=, size=1213, nrcpt=1 (queue active

(the above log line is incomplete)

...
Jul 24 21:00:27 mail postfix/smtpd[9673]: 1ACA0217A: client=SGS.DESTINYFIN.com[192.168.1.1] Jul 24 21:00:27 mail postfix/pickup[11796]: 1CAC22183: uid=65534 from= Jul 24 21:00:27 mail postfix/cleanup[12164]: 1CAC22183: message-id=<20040725010022.953752177@mail.destinywellness.com> Jul 24 21:00:27 mail postfix/pipe[12703]: 953752177: to=, relay=procmail, delay=5, status=sent (spamfiltr)

Er... The log is incomplete for my liking, but if email is coming on 192.168.1.1 interface, it thinks that it comes from the local network, ie, the intranet, so it allows relying for it:

If you want, I can send you the entire log, but it's over 12,000 lines and 1.73 MB. ;-)

...

mynetwork= 127.0.0.0/8, 192.168.1.0/255.255.255.0

More information is needed. What interfaces do you have? Is indeed external mail coming in on that interface?

Does it consider the address that it comes in on? Or the source address? There is only one interface in use, connected to the firewall, via local network. Beyond the firewall is an ADSL connection. The log shows a wide variety of sources and destinations for the messages. I can send test messages, from a mail relay test site, to verify it is relaying messages.

Carlos E. R.

10:28

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

The Sunday 2004-07-25 at 21:26 -0400, James Knott wrote:

...

...
More information is needed. What interfaces do you have? Is indeed external mail coming in on that interface?

Does it consider the address that it comes in on?

Yes, due to the "mynetworks" setting.

...

Or the source address?

Also.

...

There is only one interface in use, connected to the firewall, via local network. Beyond the firewall is an ADSL connection.

And in another message you mention that:

...

That I can't say. The firewall is a separate box, made by Symantec, which I have no control over, other than asking for ports to be forwarded. I guess I'll have to see what's actually in the packets and enquire about the firewall being a proxy.

That's what I thought. Postfix is seeing the email coming on an internal interface, and it is configured to trust everything coming on that interface. You could remove the 192.168.1.0 interface from the "mynetwork" setting, but then, of course, all your intranet would be untrusted - perhaps not a bad thing in your case, I think you said something about a Exchange server behind. Or you could give it another ip, perhaps a "real" one. -- Cheers, Carlos Robinson

James Knott

12:58

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Carlos E. R. wrote:

...

The Sunday 2004-07-25 at 21:26 -0400, James Knott wrote:

...
...
More information is needed. What interfaces do you have? Is indeed external mail coming in on that interface?

Does it consider the address that it comes in on?

Yes, due to the "mynetworks" setting.

...
Or the source address?

Also.

...
There is only one interface in use, connected to the firewall, via local network. Beyond the firewall is an ADSL connection.

And in another message you mention that:

...
That I can't say. The firewall is a separate box, made by Symantec, which I have no control over, other than asking for ports to be forwarded. I guess I'll have to see what's actually in the packets and enquire about the firewall being a proxy.

I haven't yet confirmed that there is a proxy, but considering what I've gone through, that's the only thing that makes sense.

...

That's what I thought. Postfix is seeing the email coming on an internal interface, and it is configured to trust everything coming on that interface. You could remove the 192.168.1.0 interface from the "mynetwork" setting, but then, of course, all your intranet would be untrusted - perhaps not a bad thing in your case, I think you said something about a Exchange server behind.

No, there's no Exchange server. Currently, they're getting their mail via an external company and they're not happy with the performance.

...

Or you could give it another ip, perhaps a "real" one.

I was wondering what the solution would be, if the problem were caused by a proxy and it couldn't be turned off. One possibility, would be another IP. Are there other ways of dealing with a proxy? tnx

Carlos E. R.

27 Jul 27 Jul

01:39

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

The Monday 2004-07-26 at 08:58 -0400, James Knott wrote:

...

I was wondering what the solution would be, if the problem were caused by a proxy and it couldn't be turned off. One possibility, would be another IP. Are there other ways of dealing with a proxy?

Right now, I don't know, I'm sleepy; but the main problem is that postfix - being on a machine siting inside your intranet - gets email on an interface it trusts completely (192.168.1.0/255.255.255.0 in your main.cf file), so that it will allow relaying. So, any possible solutions is either: a) receive email on another interface, which is not listed in the "mynetworks" line. or b) remove that interface from the "mynetworks" line. There might be another configuration change to solve the issue, but I can't think of it right now. -- Cheers, Carlos Robinson

Faber Fedor

25 Jul 25 Jul

02:25

New subject: Stopping open mail relay in SuSE standard server.

On 25/07/04 03:21 +0200, Anders Johansson wrote:

...

the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

"/usr/sbin/postconf -n" will do the same AND show what has been changed from the default settings. -- Regards, Faber Linux New Jersey: Open Source Solutions for New Jersey http://www.linuxnj.com

James Knott

03:03

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Faber Fedor wrote:

...

On 25/07/04 03:21 +0200, Anders Johansson wrote:

...
the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

"/usr/sbin/postconf -n" will do the same AND show what has been changed from the default settings.

mail:~ # /usr/sbin/postconf -n alias_database = hash:/etc/aliases,hash:/etc/aliases.d/slots alias_maps = hash:/etc/aliases,hash:/etc/aliases.d/slots,ldap:ldapaliases canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no inet_interfaces = all local_destination_concurrency_limit = 10 mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = lmtp:unix:public/lmtp mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = $mydomain masquerade_exceptions = root message_size_limit = 30000000 mydestination = $myhostname localhost.$mydomain $mydomain mailtest.destinywellness.com myhostname = mail.destinywellness.com myorigin = $mydomain newaliases_path = /usr/sbin/sendmail queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES recipient_delimiter = + relay_clientcerts = ldap:ldaprelcert relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_tls_CAfile = /etc/ssl/CA/usedCA.pem smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/ssl/certs/cert.pem smtpd_tls_key_file = /etc/ssl/certs/skey.pem smtpd_tls_received_header = yes smtpd_use_tls = yes strict_rfc821_envelopes = no tls_daemon_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport,ldap:ldaptransport virtual_maps = ldap:ldapvuser,hash:/etc/postfix/virtual

Togan Muftuoglu

14:04

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

* James Knott; on 24 Jul, 2004 wrote:

...

Faber Fedor wrote:

...
On 25/07/04 03:21 +0200, Anders Johansson wrote:

...
the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

"/usr/sbin/postconf -n" will do the same AND show what has been changed from the default settings. masquerade_exceptions = root message_size_limit = 30000000 mydestination = $myhostname localhost.$mydomain $mydomain mailtest.destinywellness.com myhostname = mail.destinywellness.com myorigin = $mydomain

If you have not edited this file before sending to the mailinglist there does not seem to be a mynetworks parameter can you post out /usr/sbin/postconf -n mynetworks If you have not mynetworks defined that could be your problem area make sure it reprsesents your network -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum

James Knott

15:02

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Togan Muftuoglu wrote:

...

* James Knott; on 24 Jul, 2004 wrote:

...
Faber Fedor wrote:

...
On 25/07/04 03:21 +0200, Anders Johansson wrote:

...
the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

"/usr/sbin/postconf -n" will do the same AND show what has been changed from the default settings.

masquerade_exceptions = root message_size_limit = 30000000 mydestination = $myhostname localhost.$mydomain $mydomain mailtest.destinywellness.com myhostname = mail.destinywellness.com myorigin = $mydomain

If you have not edited this file before sending to the mailinglist there does not seem to be a mynetworks parameter can you post out

/usr/sbin/postconf -n mynetworks If you have not mynetworks defined that could be your problem area make sure it reprsesents your network

In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works. tnx

James Knott

15:09

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

James Knott wrote:

...

Togan Muftuoglu wrote:

...
* James Knott; on 24 Jul, 2004 wrote:

...
Faber Fedor wrote:

...
On 25/07/04 03:21 +0200, Anders Johansson wrote:

...
the mail log should be sufficient to verify whether it's an open relay or not. And we really do need to see main.cf to be able to say what's wrong, if anything.

grep -v ^# /etc/postfix/main.cf

and post the output

"/usr/sbin/postconf -n" will do the same AND show what has been changed from the default settings.

masquerade_exceptions = root message_size_limit = 30000000 mydestination = $myhostname localhost.$mydomain $mydomain mailtest.destinywellness.com myhostname = mail.destinywellness.com myorigin = $mydomain

If you have not edited this file before sending to the mailinglist there does not seem to be a mynetworks parameter can you post out

/usr/sbin/postconf -n mynetworks If you have not mynetworks defined that could be your problem area make sure it reprsesents your network

In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

Togan Muftuoglu

15:20

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

* James Knott; on 25 Jul, 2004 wrote:

...

James Knott wrote:

...
In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

havue restarted postfix so the change takes into effect -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum

James Knott

22:02

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

Togan Muftuoglu wrote:

...

* James Knott; on 25 Jul, 2004 wrote:

...
James Knott wrote:

...
In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

havue restarted postfix so the change takes into effect

I did after every change I've tried.

John Andersen

23:21

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

On Sunday 25 July 2004 02:02 pm, James Knott wrote:

...

Togan Muftuoglu wrote:

...
* James Knott; on 25 Jul, 2004 wrote:

...
James Knott wrote:

...
In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

havue restarted postfix so the change takes into effect

I did after every change I've tried.

But you still did not answer if the test address you used in the relay page was inside or outside address. Obviously inside addresses would be accepted. -- _____________________________________ John Andersen

James Knott

26 Jul 26 Jul

00:43

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

John Andersen wrote:

...

On Sunday 25 July 2004 02:02 pm, James Knott wrote:

...
Togan Muftuoglu wrote:

...
* James Knott; on 25 Jul, 2004 wrote:

...
James Knott wrote:

...
In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

havue restarted postfix so the change takes into effect

I did after every change I've tried.

But you still did not answer if the test address you used in the relay page was inside or outside address. Obviously inside addresses would be accepted.

I thought I had already mentioned that a couple of times. I sent a test message, from a relay test site, to my own personal e-mail, the one I use here. The test message was configured to relay via the server I'm working on, which has absolutely no relationship with my own account. That server is located in a different city, using an ADSL connection, provided by Sympatico. I'm on Rogers, a cable ISP.

John Andersen

25 Jul 25 Jul

20:41

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

On Sunday 25 July 2004 07:09 am, James Knott wrote:

...

It didn't work. I tried a test, using http://members.iinet.net.au/~remmie/relay/ and the test message was relayed by the server. It also appeared in /var/log/mail.

What address did you put in for the recipient? -- _____________________________________ John Andersen

Fleet Senseman

23:27

New subject: [SLE] Re: Stopping open mail relay in SuSE standard server.

On Sunday 25 July 2004 11:02, James Knott wrote:

...

In main.cf, the mynetworks line is commented out. I have enabled it, with the local network address. I'll have to see if that works.

tnx

James, My server is set up as nat behind my firewall. I notice you don't have the following lines (with your info as approriate) in your main.cf file. mydomain = sevencrows.com mynetworks = 127.0.0.1/8, 192.168.1.0/24 proxy_interfaces = 192.216.210.16 Not sure if this is applicable.... Regards, Fleet

7214

Age (days ago)

7216

Last active (days ago)

List overview

Download

23 comments

8 participants

participants (8)

Anders Johansson
Carlos E. R.
Faber Fedor
Fleet Senseman
James Knott
John Andersen
Louis Richards
Togan Muftuoglu