postfix-users April 2010 archive
postfix-users: RE: Help, still an open relay.?

From: M M <rmak13_at_nospam>
Date: Fri Apr 09 2010 - 12:58:04 GMT
To: <postfix-users@postfix.org>

Solved! Thanks.

The problem was that external clients were NAT translated. Had my network guy undo it and it's working fine now!

Thanks again!

P.S. Victor, what is the best practice for smtpd_recipient_restrictions? In which order?

> Date: Tue, 6 Apr 2010 17:57:57 -0400
> From: Victor.Duchovni@morganstanley.com
> To: postfix-users@postfix.org
> Subject: Re: Help, still an open relay.?
>
> On Tue, Apr 06, 2010 at 01:21:26PM -0800, M M wrote:
>
>> [...] my server is an open relay according to online tests.
>>
>> mynetworks = 127.0.0.1/8, 198.100.50.0/24
>
> Make sure external clients are not NAT translated into this address space.
>
>> virtual_mailbox_domains =
>> mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
>
> Make sure this table does not match all lookup keys, report the output of:
>
> $ postmap -q a.test mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
>
>> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
>
> Make sure this table does not match all lookup keys, report the output of:
>
> $ postmap -q a.test \
> mysql:/etc/postfix/mysql-virtual-alias-maps.cf \
> mysql:/etc/postfix/mysql-email2email.cf
>
>> smtpd_recipient_restrictions =
>> reject_invalid_hostname,
>> reject_non_fqdn_sender,
>> reject_non_fqdn_recipient,
>> reject_unknown_sender_domain,
>> reject_unknown_recipient_domain,
>> permit_mynetworks,
>> reject_unauth_destination,
>> permit_sasl_authenticated,
>> reject_unauth_pipelining,
>
> The "permit_sasl_authenticated" is pretty useless after
> "reject_unauth_destination". With this, the only way for you to be an
> "open relay" (show logs of messages you accepted that should not have
> been accepted) is if mynetworks is wrong (NAT?) or the domain lists
> (mydestination, virtual_alias_domains, virtual_mailbox_domains, ...)
> are wrong. My bet is on misconfigured SQL queries.
>
> --
> Viktor.
>
> P.S. Morgan Stanley is looking for a New York City based, Senior Unix
> system/email administrator to architect and sustain our perimeter email
> environment. If you are interested, please drop me a note.
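
Added example, not part of the thread and not Postfix code: a simplified first-match-wins model of the quoted `smtpd_recipient_restrictions` list, showing the three conditions discussed above (a client NATed into `mynetworks`, a lookup table that matches every key, and `permit_sasl_authenticated` placed after `reject_unauth_destination`). The client addresses, `example.org`, `elsewhere.test`, and the names `decide`, `in_mynetworks` and `MatchAll` are constructed for illustration; the other `reject_*` checks are assumed to pass.

```python
import ipaddress

# Values quoted in the thread.
MYNETWORKS = ["127.0.0.1/8", "198.100.50.0/24"]
RESTRICTIONS = [
    "reject_invalid_hostname", "reject_non_fqdn_sender",
    "reject_non_fqdn_recipient", "reject_unknown_sender_domain",
    "reject_unknown_recipient_domain", "permit_mynetworks",
    "reject_unauth_destination", "permit_sasl_authenticated",
    "reject_unauth_pipelining",
]
# Constructed stand-in for the domains the SQL tables should return.
LOCAL_DOMAINS = {"example.org"}


class MatchAll:
    """Models a lookup table whose query matches every key (assumption)."""
    def __contains__(self, key):
        return True


def in_mynetworks(client_ip, networks=MYNETWORKS):
    ip = ipaddress.ip_address(client_ip)
    # strict=False: "127.0.0.1/8" has host bits set; ipaddress rejects it otherwise.
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def decide(client_ip, rcpt_domain, sasl_ok=False,
           restrictions=RESTRICTIONS, local_domains=LOCAL_DOMAINS):
    """Return (action, deciding_restriction); the first match wins."""
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return "PERMIT", r
        if r == "permit_sasl_authenticated" and sasl_ok:
            return "PERMIT", r
        if r == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return "REJECT", r
        # Remaining reject_* checks are assumed to pass in this model.
    return "PERMIT", "end of list"


if __name__ == "__main__":
    cases = [
        ("203.0.113.7", "elsewhere.test", False, LOCAL_DOMAINS),   # external client
        ("198.100.50.1", "elsewhere.test", False, LOCAL_DOMAINS),  # seen through NAT
        ("203.0.113.7", "elsewhere.test", True, LOCAL_DOMAINS),    # SASL, still rejected
        ("203.0.113.7", "a.test", False, MatchAll()),              # table matches all keys
    ]
    for ip, dom, sasl, doms in cases:
        print(ip, dom, sasl, decide(ip, dom, sasl, local_domains=doms))
```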