Stopping open mail relay in SuSE standard server.
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem. Another issue. I've somehow been locked out of the graphical interface, though I can log in, using ssh etc. Any idea why I can log in with ssh, but not the graphical interface? Does it maintain a separate password somewhere? tnx jk
On Saturday 24 July 2004 21:15, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Another issue. I've somehow been locked out of the graphical interface, though I can log in, using ssh etc. Any idea why I can log in with ssh, but not the graphical interface? Does it maintain a separate password somewhere?
tnx jk
test your open relay here: http://www.abuse.net/relay.html just to be sure. Josephine
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay. -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 07/24/04 15:25 + +----------------------------------------------------------------------------+ Wyszowski's First Law: "No experiment is reproducible."
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
On Saturday 24 July 2004 03:30 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
1) He didn't state he was running a mail server. 2) If he is, he should know enough how to set up to prevent relaying. 3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server..... -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 07/24/04 20:40 + +----------------------------------------------------------------------------+ "Great Spirit, help me never to judge another until I have walked in his moccasins for two weeks." - Sioux Indian Prayer
On Saturday 24 July 2004 04:42 pm, Bruce Marshall wrote:
On Saturday 24 July 2004 03:30 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
1) He didn't state he was running a mail server.
Yes he did. First sentence.
I've set up a mail server, using SuSe Standard Server,
2) If he is, he should know enough how to set up to prevent relaying.
So, lemmie get this straight ... If he HAS to ask he does not DESERVE an answer? He pointed out that his docos said is should not relay but he believes it was, and that's why he's asking. Christ, he purchased O'Reilly as well as SuSE so you can hardly accuse him of not RTFM... One learns by doing. I suppose you sprung fully onmicient from the womb?
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
Perhaps he had the sense to shut down when he realized it was a open relay... Cut him some slack. If you don't want to offer help, why read this list? -- _____________________________________ John Andersen
On Saturday 24 July 2004 08:51 pm, John Andersen wrote:
On Saturday 24 July 2004 04:42 pm, Bruce Marshall wrote:
On Saturday 24 July 2004 03:30 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
1) He didn't state he was running a mail server.
Yes he did. First sentence.
The term 'mail server' can be pretty ambiguous..... incoming? outgoing?
I've set up a mail server, using SuSe Standard Server,
2) If he is, he should know enough how to set up to prevent relaying.
So, lemmie get this straight ... If he HAS to ask he does not DESERVE an answer?
Well yes.... I just took a quick read of some of the comments in /etc/postfix/main.cf and there is a *LOT* of information there on dealing with relaying. Should be sufficient for most.
He pointed out that his docos said is should not relay but he believes it was, and that's why he's asking. Christ, he purchased O'Reilly as well as SuSE so you can hardly accuse him of not RTFM...
I guess he didn't read the main.cf comments. That's where the changes are made. BTW, you;re bitching a lot a me... where are all of *YOUR* helpful comments???????
One learns by doing. I suppose you sprung fully onmicient from the womb?
FO
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
Perhaps he had the sense to shut down when he realized it was a open relay...
Not so.. I've been corresponding off-list and he is doing this for some company.... not from his own machine.
Cut him some slack. If you don't want to offer help, why read this list?
Gee... once again... just what did you add to help him out... huh?? huh?? -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 07/24/04 21:01 + +----------------------------------------------------------------------------+ "When in doubt, empty your magazine."
Bruce Marshall wrote:
On Saturday 24 July 2004 08:51 pm, John Andersen wrote:
On Saturday 24 July 2004 04:42 pm, Bruce Marshall wrote:
On Saturday 24 July 2004 03:30 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
1) He didn't state he was running a mail server.
Yes he did. First sentence.
The term 'mail server' can be pretty ambiguous..... incoming? outgoing?
I've set up a mail server, using SuSe Standard Server,
2) If he is, he should know enough how to set up to prevent relaying.
So, lemmie get this straight ... If he HAS to ask he does not DESERVE an answer?
Well yes.... I just took a quick read of some of the comments in /etc/postfix/main.cf and there is a *LOT* of information there on dealing with relaying. Should be sufficient for most.
He pointed out that his docos said is should not relay but he believes it was, and that's why he's asking. Christ, he purchased O'Reilly as well as SuSE so you can hardly accuse him of not RTFM...
I guess he didn't read the main.cf comments. That's where the changes are made. BTW, you;re bitching a lot a me... where are all of *YOUR* helpful comments???????
One learns by doing. I suppose you sprung fully onmicient from the womb?
FO
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
Perhaps he had the sense to shut down when he realized it was a open relay...
Not so.. I've been corresponding off-list and he is doing this for some company.... not from his own machine.
It is for a company and I did shut down postfix, when I realized that it might be relaying. Incidentally, that reply to you, was accidentally sent off list. In this mail list, I have to change the reply to address. Sometimes I forget.
Cut him some slack. If you don't want to offer help, why read this list?
Gee... once again... just what did you add to help him out... huh?? huh??
On Sat, 24 Jul 2004 21:20:27 -0400
James Knott
sent off list. In this mail list, I have to change the reply to address. Sometimes I forget.
I don't think it's a function of the list. Isn't this only so for those people who insist on setting reply-to when they mail the list? I really do think this practice ought to be discouraged in a mailing list like this. - Richard. -- Richard Kimber http://www.psr.keele.ac.uk/
rkimber@ntlworld.com wrote:
On Sat, 24 Jul 2004 21:20:27 -0400 James Knott
wrote: sent off list. In this mail list, I have to change the reply to address. Sometimes I forget.
I don't think it's a function of the list. Isn't this only so for those people who insist on setting reply-to when they mail the list? I really do think this practice ought to be discouraged in a mailing list like this.
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail. My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
* James Knott
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
You are saying that your email client will *not* allow you to edit the To: header? I think you *choose* not to edit the To: header. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/photos
Patrick Shanahan wrote:
* James Knott
[07-25-04 11:04]: I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
You are saying that your email client will *not* allow you to edit the To: header? I think you *choose* not to edit the To: header.
No. What I said is when I reply to the list, I have to change the To:
from the person who sent the message, to the list address. For example,
as I create this reply, the "To:" box currently contains "Patrick
Shanahan
* James Knott
If I had selected "Reply All", it would have gone to both you and the list and I don't think you'd want two copies of the same message.
And then edit/delete the address not to the list. Choice. I believe there exists a 'respond to list' key binding for mozilla mail, but am not sure. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/photos
On Sunday 25 July 2004 08:36 am, James Knott wrote:
Patrick Shanahan wrote:
* James Knott
[07-25-04 11:04]: I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
You are saying that your email client will *not* allow you to edit the To: header? I think you *choose* not to edit the To: header.
No. What I said is when I reply to the list, I have to change the To: from the person who sent the message, to the list address. For example, as I create this reply, the "To:" box currently contains "Patrick Shanahan
". Before I hit send, I have to change that to the list address, as I'm going to do right now. Having done that, I can now hit send and the message will go to the list, instead of you. If I had selected "Reply All", it would have gone to both you and the list and I don't think you'd want two copies of the same message.
On occasion, I forget to change the address before sending and I then have to resend the message to the list.
Problem: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040616 Solution: Kmail -- _____________________________________ John Andersen
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.5-7.95-default x86_64
Scott Leighton wrote:
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott
Is there something similar available in Mozilla, as that's the program I use for my e-mail
On Sunday 25 July 2004 9:48 am, James Knott wrote:
Scott Leighton wrote:
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott
Is there something similar available in Mozilla, as that's the program I use for my e-mail
I don't use Mozilla myself, so I can't answer. But in KMail, if you right click on the piece of mail, a menu pops up that lists all the options, including the keyboard shortcut 'L' in this case. You might try right clicking and seeing if Mozilla lists your options. Scott -- POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/ Linux 2.6.5-7.95-default x86_64
Scott Leighton wrote:
On Sunday 25 July 2004 9:48 am, James Knott wrote:
Scott Leighton wrote:
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott
Is there something similar available in Mozilla, as that's the program I use for my e-mail
I don't use Mozilla myself, so I can't answer. But in KMail, if you right click on the piece of mail, a menu pops up that lists all the options, including the keyboard shortcut 'L' in this case.
You might try right clicking and seeing if Mozilla lists your options.
The only choices are to sender and all.
The Sunday 2004-07-25 at 12:48 -0400, James Knott wrote:
In KMail, simply pressing 'L' will select 'reply to list'.
Is there something similar available in Mozilla, as that's the program I use for my e-mail
No, unless somebody has designed a plugin. However, if you are using procmail for your local delivery, there is a simple recipe that solves the problem: :0f * ^X-Mailinglist: suse-linux-e | /usr/bin/formail -bfi "Reply-To:suse-linux-e@suse.com" :0 a: $HOME/Mail/lists/suse-linux-e Mutandis mutandi, of course. Perhaps it is possible to adapt a mozilla filter for the purpose. -- Cheers, Carlos Robinson
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott And I have just discovered that in evolution a right click on the message line in preview mode gives, reply to list, as one of the
On Sun, 2004-07-25 at 17:39, Scott Leighton wrote: options. Roger
On Sun, 2004-07-25 at 22:34 +0100, Roger Beever wrote:
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott And I have just discovered that in evolution a right click on the message line in preview mode gives, reply to list, as one of the
On Sun, 2004-07-25 at 17:39, Scott Leighton wrote: options.
And at least in the 1.5 series, ctrl-l is the shortcut for that
Anders Johansson wrote:
On Sun, 2004-07-25 at 22:34 +0100, Roger Beever wrote:
On Sun, 2004-07-25 at 17:39, Scott Leighton wrote:
On Sunday 25 July 2004 9:04 am, James Knott wrote:
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
In KMail, simply pressing 'L' will select 'reply to list'.
Scott
And I have just discovered that in evolution a right click on the message line in preview mode gives, reply to list, as one of the options.
And at least in the 1.5 series, ctrl-l is the shortcut for that
I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that the mail relay problem.
* James Knott
I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that the mail relay problem.
Why do you believe that you have an open mail relay. Have you tried one of the test sites for open relays? One was provided earlier in the thread. Have you read the text explanations in /etc/postfix/main.cf? # TRUST AND RELAY CONTROL # The mynetworks parameter specifies the list of "trusted" SMTP # clients that have more privileges than "strangers". # # In particular, "trusted" SMTP clients are allowed to relay mail # through Postfix. See the smtpd_recipient_restrictions parameter # in file sample-smtpd.cf. # # You can specify the list of "trusted" network addresses by hand # or you can let Postfix do it for you (which is the default). # there is more which pertains and should be read. I believe that you must specifically provide 'open' relay ability, from what I read. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/photos
Patrick Shanahan wrote:
* James Knott
[07-25-04 17:07]: I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that the mail relay problem.
Why do you believe that you have an open mail relay. Have you tried one of the test sites for open relays? One was provided earlier in the thread.
Yes, I have tried the test sites and the generated message is sent to that server and then forwarded to my personal e-mail. Also, the mail logs show the messages being received and then sent.
Have you read the text explanations in /etc/postfix/main.cf?
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP # clients that have more privileges than "strangers". # # In particular, "trusted" SMTP clients are allowed to relay mail # through Postfix. See the smtpd_recipient_restrictions parameter # in file sample-smtpd.cf. # # You can specify the list of "trusted" network addresses by hand # or you can let Postfix do it for you (which is the default). #
there is more which pertains and should be read.
I believe that you must specifically provide 'open' relay ability, from what I read.
That was also my understanding, particularly since the O'Reilly book says postfix is by default configured to not relay. However, even though the settings I've checked, both mentioned here and in that book are configured to not relay, it is still occuring. I have also provided the info requested from main.cf, but I haven't heard much back on that. One suggestion was made, but it didn't resolve the problem. If you wish, I can provide the entire, current main.cf. tnx jk
On Sun, 2004-07-25 at 18:03 -0400, James Knott wrote:
I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that the mail relay problem.
Well, you only posted a partial log. What is in your access file? You seem to have it set up for authenticated users, do you have any users set up with bad or default or perhaps even no passwords? What user is the spammer authenticating as? Which relay test was it that passed? The relay page should have told you what it did to get past your access restrictions.
Anders Johansson wrote:
On Sun, 2004-07-25 at 18:03 -0400, James Knott wrote:
I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that the mail relay problem.
Well, you only posted a partial log.
What is in your access file? You seem to have it set up for authenticated users, do you have any users set up with bad or default or perhaps even no passwords? What user is the spammer authenticating as? Which relay test was it that passed? The relay page should have told you what it did to get past your access restrictions.
The entire access file is comments, there are no lines that don't start with "#". There are no users on the system yet, as it hasn't been turned up for use. I used both the abuse.net test site, that someone mentioned yesterday and http://members.iinet.net.au/~remmie/relay/. The abuse site will only allow me to send an anonymous test, which only tests if the server will accept a message. It does not actually send a message that can be forwarded. I was not able to be registered, so that I could send an actual test message. The ~remmie/relay site allowed me to send a message to myself, via the server relay. Those messages reached me. When I try that test with postfix turned off, I get the following: "Open Relay Test Results Default domain is staff.iinet.net.au Connecting to 69.156.194.250 ... <<< 421 4.4.1 SGS.DESTINYFIN.com Unable to contact destination FAILURE Unfortunately the program failed because... The connection was rejected" -------------------------------------- Then after starting postfix, I get: "Open Relay Test Results Default domain is staff.iinet.net.au Connecting to 69.156.194.250 ... <<< 220 [69.156.194.250] SMTP
HELO staff.iinet.net.au <<< 250 [69.156.194.250] talking to domain-web-03.iinet.net.au ([203.59.3.83])
To: james.knott@rogers.com From: spamtest@localhost
MAIL FROM: <<< 250 Ok RCPT TO: <<< 250 Ok DATA <<< 354 End data with . MESSAGE <<< 250 Ok: queued as A3D9B1FB2
SUCCESS
Relay Accepted - final response code 250
If you dont recieve it then its not a relay (Its still a Bad Thing (TM)
that it accepted)
Check your email"
-------------------------------------------------------
Then a couple of minutes later, the test message arrives:
"This is a test of third-party mail relay.
Target host = 69.156.194.250 7932516
Test performed by
On Sun, 2004-07-25 at 21:18 -0400, James Knott wrote:
Then after starting postfix, I get:
"Open Relay Test Results
Default domain is staff.iinet.net.au
Connecting to 69.156.194.250 ...
<<< 220 [69.156.194.250] SMTP
HELO staff.iinet.net.au <<< 250 [69.156.194.250] talking to domain-web-03.iinet.net.au ([203.59.3.83])
Hm. This doesn't actually look like postfix. Do you have something else running on that machine that accepts mail and then passes them on to postfix? Is the firewall perhaps a proxy, and not a simple firewall reverse NAT? If so, then postfix would see the mail as coming from the actual firewall machine, which is on the local LAN, which would explain why it sees it as trusted.
Anders Johansson wrote:
On Sun, 2004-07-25 at 21:18 -0400, James Knott wrote:
Then after starting postfix, I get:
"Open Relay Test Results
Default domain is staff.iinet.net.au
Connecting to 69.156.194.250 ...
<<< 220 [69.156.194.250] SMTP
HELO staff.iinet.net.au <<< 250 [69.156.194.250] talking to domain-web-03.iinet.net.au ([203.59.3.83])
Hm. This doesn't actually look like postfix. Do you have something else running on that machine that accepts mail and then passes them on to postfix?
No, it's just postfix & cyrus for mail.
Is the firewall perhaps a proxy, and not a simple firewall reverse NAT? If so, then postfix would see the mail as coming from the actual firewall machine, which is on the local LAN, which would explain why it sees it as trusted.
That I can't say. The firewall is a separate box, made by Symantec, which I have no control over, other than asking for ports to be forwarded. I guess I'll have to see what's actually in the packets and enquire about the firewall being a proxy. tnx for the idea.
On Sun, 25 Jul 2004 12:04:05 -0400
James Knott
I don't think that's the cause. I don't use reply-to in my mail, yet a reply to one of my messages still goes to me, unless I change it. Also, right now, in replying to your message, the reply goes to you, not the list. Are you using reply-to? This happens with both Mozilla and KMail.
I haven't set reply-to. It must be a function of the mail program you are using.
My choices are hit reply and change the To: to the list, or use reply all and send to the list and originator.
Try Sylpheed. That will reply to the list, unless the person you are replying to has set reply-to to go to a private address. - Richard. -- Richard Kimber http://www.psr.keele.ac.uk/
On Sat, 2004-07-24 at 20:42 -0400, Bruce Marshall wrote:
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
How do you come to that conclusion? From what I can see, rogers.com is a company providing internet access. It's not a vanity domain. Or did I miss something?
Anders Johansson wrote:
On Sat, 2004-07-24 at 20:42 -0400, Bruce Marshall wrote:
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
How do you come to that conclusion? From what I can see, rogers.com is a company providing internet access. It's not a vanity domain. Or did I miss something?
Rogers is where I have my personal e-mail account and it has absolutely nothing to do with the server.
On Saturday 24 July 2004 08:58 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 20:42 -0400, Bruce Marshall wrote:
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
How do you come to that conclusion? From what I can see, rogers.com is a company providing internet access. It's not a vanity domain. Or did I miss something?
My assumption is that he is dialing into rogers.com (or maybe its a cable hookup or dsl) and it is not his own domain. I would also ASSume that since he's not using something like xxxx@knott.com, that he wasn't trying to accept *incoming* mail via smtp. Sure it's possible, but he didn't spell it out... and in fact, in private emails, he said he is doing this for another company..... Forget I ever posted on this subject...... I'm done. -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 07/24/04 21:30 + +----------------------------------------------------------------------------+ "Politics is supposed to be the second oldest profession. I have come to realize that it bears a very close resemblance to the first."
Bruce Marshall wrote:
On Saturday 24 July 2004 08:58 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 20:42 -0400, Bruce Marshall wrote:
3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
How do you come to that conclusion? From what I can see, rogers.com is a company providing internet access. It's not a vanity domain. Or did I miss something?
My assumption is that he is dialing into rogers.com (or maybe its a cable hookup or dsl) and it is not his own domain. I would also ASSume that since he's not using something like xxxx@knott.com, that he wasn't trying to accept *incoming* mail via smtp.
Sure it's possible, but he didn't spell it out... and in fact, in private emails, he said he is doing this for another company.....
Forget I ever posted on this subject...... I'm done.
Rogers is my cable ISP, and has nothing to do with the server I'm working on.
Bruce Marshall wrote:
On Saturday 24 July 2004 03:30 pm, Anders Johansson wrote:
On Sat, 2004-07-24 at 15:26 -0400, Bruce Marshall wrote:
On Saturday 24 July 2004 03:15 pm, James Knott wrote:
I've set up a mail server, using SuSe Standard Server, and while it's now working, it appears I've also got an open mail relay running. According to what I've read in the O'Reilly Postfix book, postfix is supposed to default to not be an open relay. I've check main.cf and I can't see anything that might be causing the open relay. Any ideas, as to what I might check? I've shut down postfix, until I can resolve this problem.
Why are you allowing people outside your firewall (you do have one don't you?) to come in on port 25?? If they can't use port 25, they can't use you as a relay.
They also can't send you mail. Sort of defeats the purpose (or one of the purposes) of running a mail server, doesn't it?
1) He didn't state he was running a mail server. 2) If he is, he should know enough how to set up to prevent relaying. 3) Since he is sending mail from rogers.com, it wouldn't appear that he is running his own mail server.....
1) I thought I did 2) This is a "learning experience". We all have to start somewhere. 3) I am posting from my own personal account, not from the mail server I'm trying to set up. That server is in someone's office, several miles from here, so everything I'm doing over the weekend is done remotely.
participants (10)
-
Anders Johansson
-
Bruce Marshall
-
Carlos E. R.
-
James Knott
-
John Andersen
-
Josephine
-
Patrick Shanahan
-
rkimber@ntlworld.com
-
Roger Beever
-
Scott Leighton