John Andersen wrote:
I've discovered that the default Postfix install as done in openSUSE 10.2 and SLES9 provides an open relay for anyone on the same subnets as the mail server.
When you consider default values then you should also mention that the default value for inet_interfaces is 127.0.0.1. Once you start to fiddle with the default settings all bets are off. (^-^) If yast were able to set up smtp auth with yast, THAT would be a real argument to use yast for configuring Postfix. Though I agree, a warning "you are making this service available for access from the internet, are you sure?" would be nice. Also a dialogue where the relay question could be answered, would really help to set up the mail system.
Now admittedly, this isn't going to get Joe Spammer vary far but it still seems like a hole to me.
It is indeed not the best practise.
By adding the line: mynetworks = 192.168.2.0/24, 127.0.0.0/8 you can prevent this, but Yast does not offer that as best I can see, so you have to remember to do it manually.
If you set mynetworks manually, the option mynetworks_style is skipped. You could also use "mynetworks_style = host" to grant relay access to the server only. In the end it comes down to the old saying "If you are playing with Linux you should know what you are doing, especially if you are configuring a network service accessable by the external internet". Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org