The Saturday 2005-03-26 at 13:37 -0900, John Andersen wrote:
The problem is that mynetworks does not appear in /etc/sysconfig/postfix so they have no way to set this via yast. You have to know this in advance. Perhaps it will be fixed in 9.2 or 9.3.
Without the ability to set mynetworks via yast, postfix defaults mynetworks to use mynetworks-style, and THAT in turn defaults to mynetworks_style = subnet which means anyone with the same subnet can relay thru your box. In my case someone appearing to be (in reality, probably forged IP) on the same ISP was able to connect and relay.
So the upshot is, that unless you know to check the main.cf, postfix will install insecurely if you accept smtp connections from remote and you configure it with Yast2.
This was reported time ago in this list: |Date: 05 Sep 2003 08:58:54 -0500 |From: David Krider <david@ |To: suse-linux-e@ |Subject: [SLE] SuSE's default postfix config is an open relay? |X-Message-Number-for-archive: 158428 The recommendation at the time was to report the issue on the suse-security list. I don't know if it was, and what was the answer, if any. -- Cheers, Carlos Robinson