Mailinglist Archive: opensuse (4633 mails)

< Previous Next >
[opensuse] Open (subnet) Relay using Postfix
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Fri, 29 Dec 2006 01:43:32 -0900
  • Message-id: <200612290143.39911.jsa@xxxxxxxxxxxxxx>
I've discovered that the default Postfix install as done in openSUSE 10.2
and SLES9 provides an open relay for anyone on the same subnets
as the mail server.

This includes both the internal and external subnets.

Postfix defaults to mynetworks_style = subnet
but the fine print says that means ALL subnets to which
it has an interface.

So some of my customers run mail servers on static
IPs and these machines offer an open relay from anywhere
on the internet to any host on the same subnet as the server.

Say I have two customers with static IPs in the range...

From anywhere, I can send mail thru one of them,
(say to any server that happens to be in
that same /18 by simply using as my
smtp server.

Now admittedly, this isn't going to get Joe Spammer
vary far but it still seems like a hole to me.

By adding the line:
mynetworks =,
you can prevent this, but Yast does not offer that as
best I can see, so you have to remember to do it

John Andersen
< Previous Next >