Gentoo Forums
postfix & remote relay
pytr
n00b


Joined: 09 Jan 2003
Posts: 27

Posted: Thu Jan 09, 2003 8:45 pm    Post subject: postfix & remote relay

I want to enable my laptop to be able to send mail thru my home postfix server. So I add this to my main.cf:
smtpd_recipient_restrictions =
    permit_mynetworks
    check_client_access hash:/etc/postfix/client_access
    reject_unauth_destination

And it works. However I see that someone else is able to send mail thru it from an IP not listed in my client_access file. And they are sending email as from:<> and it works :evil: .
Is my client relaying screwing up postfix? Is this the right syntax?
vicay
Tux's lil' helper


Joined: 29 Apr 2002
Posts: 97
Location: Dresden, Germany

Posted: Fri Jan 10, 2003 1:00 am    Post subject: Re: postfix & remote relay

pytr wrote:
I want to enable my laptop to be able to send mail thru my home postfix server. So I add this to my main.cf:
smtpd_recipient_restrictions =
    permit_mynetworks
    check_client_access hash:/etc/postfix/client_access
    reject_unauth_destination

And it works. However I see that someone else is able to send mail thru it from an IP not listed in my client_access file. And they are sending email as from:<> and it works :evil: .
Is my client relaying screwing up postfix? Is this the right syntax?


Hello,

please list the output of
Code:

postconf -n


Thanks

vicay
pytr
n00b


Joined: 09 Jan 2003
Posts: 27

Posted: Fri Jan 10, 2003 3:48 am

alias_database = hash:/etc/mail/aliases
mail_spool_directory = /var/spool/mail
alias_maps = hash:/etc/mail/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
default_privs = nobody
default_transport = smtp
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mydestination = $myhostname, localhost.$mydomain, $mydomain,mail.$mydomain, www.$mydomain, ftp.$mydomain
mydomain = domaintaken.out
myhostname = my.domaintaken.out
myorigin = $mydomain
queue_directory = /var/spool/postfix
smtpd_recipient_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/client_access reject_unauth_destination
vicay
Tux's lil' helper


Joined: 29 Apr 2002
Posts: 97
Location: Dresden, Germany

Posted: Fri Jan 10, 2003 8:50 am

Hello again,

Wouldn't it be easier if you add your trusted laptop/home-network
to the mynetworks parameter? So you don't have to use a special map
for your clients. Let's say your network is 192.168.1.x...

i.e.

mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

The other question. Who is this someone else who sends mail?
Please show some logs :)

vicay
pytr
n00b


Joined: 09 Jan 2003
Posts: 27

Posted: Fri Jan 10, 2003 8:05 pm    Post subject: ???

Problem with listing in mynetworks is won't that allow any host from that subnet 192.168.1.x/24? And I'm using my top from work which is a public subnet, not private.

Log of unknown person relaying thru me:
Jan 10 11:05:31 zip postfix/qmgr[1799]: 9914A22359E: to=<Jocelyn@goodjobmedia.com>, size=5074, nrcpt=1 (queue active)
Jan 10 11:05:31 zip postfix/qmgr[1799]: 9914A22359E: from=<>, size=6574, nrcpt=1 (queue active)

Weird thing is it seems to be coming from my ISP mail server... or rather what's listed as their mail server.
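
Added example, not part of the thread: qmgr lines like the two above do not show which client handed the message to Postfix; the smtpd `client=` line with the same queue ID does. This Python code groups lines by queue ID over a constructed sample log (placeholder hosts, addresses and queue IDs) and lists the messages that arrived over SMTP and left again through the smtp delivery agent.

```python
import re
from collections import defaultdict

# Constructed sample log: placeholder hosts, documentation-range addresses, made-up queue IDs.
SAMPLE_LOG = """\
Jan 10 11:05:30 zip postfix/smtpd[1811]: 4F1C2A9B7D0: client=mail.isp.example[192.0.2.10]
Jan 10 11:05:31 zip postfix/qmgr[1799]: 4F1C2A9B7D0: from=<>, size=6574, nrcpt=1 (queue active)
Jan 10 11:05:31 zip postfix/local[1815]: 4F1C2A9B7D0: to=<user@domaintaken.out>, relay=local, delay=1, status=sent (mailbox)
Jan 10 11:07:02 zip postfix/smtpd[1811]: 7A3E5D1C9B2: client=unknown[203.0.113.25]
Jan 10 11:07:02 zip postfix/qmgr[1799]: 7A3E5D1C9B2: from=<a@example.net>, size=900, nrcpt=1 (queue active)
Jan 10 11:07:04 zip postfix/smtp[1820]: 7A3E5D1C9B2: to=<b@example.org>, relay=mx.example.org[198.51.100.9], delay=2, status=sent (250 ok)
"""

# Queue-ID lines look like "postfix/<daemon>[pid]: <QUEUEID>: key=value, ..."
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def trace(log_text):
    """Group log lines by queue ID: submitting client, envelope sender, deliveries."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "deliveries": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and rest.startswith("client="):
            msgs[qid]["client"] = rest[len("client="):]
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["sender"] = rest[len("from=<"):rest.index(">")]
        elif rest.startswith("to=<"):
            msgs[qid]["deliveries"].append((daemon, rest[len("to=<"):rest.index(">")]))
    return dict(msgs)

def relayed_out(msgs):
    """Queue IDs received from an SMTP client and passed on to a remote host."""
    return sorted(qid for qid, m in msgs.items()
                  if m["client"] and any(d == "smtp" for d, _ in m["deliveries"]))

if __name__ == "__main__":
    messages = trace(SAMPLE_LOG)
    for qid, m in messages.items():
        print(qid, m["client"], repr(m["sender"]), m["deliveries"])
    print("relayed to remote hosts:", relayed_out(messages))
```

A message delivered by `local` was accepted for one of the server's own domains; only one delivered by `smtp` was relayed, and its `client=` value is what to compare against the hosts that are meant to be trusted.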
vicay
Tux's lil' helper


Joined: 29 Apr 2002
Posts: 97
Location: Dresden, Germany

Posted: Fri Jan 10, 2003 10:20 pm    Post subject: Re: ???

pytr wrote:
Problem with listing in mynetworks is won't that allow any host from that subnet 192.168.1.x/24? And I'm using my top from work which is a public subnet, not private.


Hello again,

then you might try

mynetworks_style = host
mynetworks = lap.top.ip.add, 127.0.0.1
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

pytr wrote:


Log of unknown person relaying thru me:
Jan 10 11:05:31 zip postfix/qmgr[1799]: 9914A22359E: to=<Jocelyn@goodjobmedia.com>, size=5074, nrcpt=1 (queue active)
Jan 10 11:05:31 zip postfix/qmgr[1799]: 9914A22359E: from=<>, size=6574, nrcpt=1 (queue active)

Weird thing is it seems to be coming from my ISP mail server... or rather what's listed as their mail server.


With the settings above all $mynetworks clients are allowed
to send mail to all destinations via your postfix.
Clients NOT belonging to $mynetworks are still allowed to send mail
to all targets specified in $mydestination. If the domain
goodjobmedia.com is part of $mydestination, then your postfix
accepts mails for this domain.

If your postfix should not accept mail from anyone but $mynetworks,
you have to specify

Code:

smtpd_recipient_restrictions = permit_mynetworks, reject


Another interesting question is why your ISP transports this mail
to your server.

Best regards

vicay
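
Added example, not part of the thread or of Postfix itself: a Python model of how the restriction lists discussed above are evaluated, where the first decisive result wins and an exhausted list permits. The addresses, the client_access entry and the mydestination set are constructed, and the lookups are simplified as noted in the comments.

```python
import ipaddress

# Constructed values modelled on the thread; addresses are documentation ranges.
MYNETWORKS = ["127.0.0.0/8"]
CLIENT_ACCESS = {"198.51.100.7": "OK"}  # stands in for hash:/etc/postfix/client_access
MYDESTINATION = {"domaintaken.out", "my.domaintaken.out", "mail.domaintaken.out"}

# Each restriction sees only the client and the recipient domain: none of the
# three in the thread looks at the envelope sender, so from=<> changes nothing.
def permit_mynetworks(client_ip, rcpt_domain):
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)
    return "permit" if trusted else "dunno"

def check_client_access(client_ip, rcpt_domain):
    # Simplified: exact IP keys only (Postfix also tries hostnames and network prefixes).
    return {"OK": "permit", "REJECT": "reject"}.get(CLIENT_ACCESS.get(client_ip), "dunno")

def reject_unauth_destination(client_ip, rcpt_domain):
    # Simplified: only $mydestination is treated as an authorized destination.
    return "dunno" if rcpt_domain.lower() in MYDESTINATION else "reject"

def reject(client_ip, rcpt_domain):
    return "reject"

def evaluate(restrictions, client_ip, rcpt_domain):
    """Return (verdict, deciding restriction); an exhausted list means permit."""
    for restriction in restrictions:
        verdict = restriction(client_ip, rcpt_domain)
        if verdict != "dunno":
            return verdict, restriction.__name__
    return "permit", "end of list"

ORIGINAL = [permit_mynetworks, check_client_access, reject_unauth_destination]
LOCKED_DOWN = [permit_mynetworks, reject]  # "permit_mynetworks, reject" from the reply

if __name__ == "__main__":
    for ip, dom in [("198.51.100.7", "example.org"),       # laptop listed in client_access
                    ("203.0.113.25", "example.org"),       # stranger, foreign domain
                    ("203.0.113.25", "domaintaken.out")]:  # stranger, local domain
        print(ip, dom, evaluate(ORIGINAL, ip, dom), evaluate(LOCKED_DOWN, ip, dom))
```

The third case is the one from the thread: an unlisted client is refused as a relay but still reaches local recipients, because reject_unauth_destination only blocks foreign destinations and the list then ends in an implicit permit.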
clutch
n00b


Joined: 22 Oct 2002
Posts: 25

Posted: Fri Jan 17, 2003 5:24 am

Thank you! This was a very clearly written answer, and gave me the slight nudge I needed to understand the listings better in the smtpd example file. Now I can properly protect against relaying. Thanks again.
_________________
Regards,

clutch