Mailinglist Archive: opensuse (4633 mails)

< Previous Next >
[opensuse] Open (subnet) Relay using Postfix
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Fri, 29 Dec 2006 01:43:32 -0900
  • Message-id: <200612290143.39911.jsa@xxxxxxxxxxxxxx>
I've discovered that the default Postfix install as done in openSUSE 10.2
and SLES9 provides an open relay for anyone on the same subnets
as the mail server.

This includes both the internal and external subnets.

Postfix defaults to mynetworks_style = subnet
but the fine print says that means ALL subnets to which
it has an interface.

So some of my customers run mail servers on static
IPs and these machines offer an open relay from anywhere
on the internet to any host on the same subnet as the server.

Say I have two customers with static IPs in the
206.174.64.0/18 range...

From anywhere, I can send mail thru one of them,
(say 206.174.64.22) to any server that happens to be in
that same /18 by simply using 206.174.64.22 as my
smtp server.

Now admittedly, this isn't going to get Joe Spammer
vary far but it still seems like a hole to me.

By adding the line:
mynetworks = 192.168.2.0/24, 127.0.0.0/8
you can prevent this, but Yast does not offer that as
best I can see, so you have to remember to do it
manually.

--
_____________________________________
John Andersen
< Previous Next >