jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Dec 07, 2005 4:52 pm Post subject: Postfix relay, I don't want to SPAM
I have taken the advice of other posts including my own on this issue. I looked at netstat and my logs today, as well as my queues and they all look like I'm an open relay. Could someone please comment on this configuration:
Code:
harper usr # postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
home_mailbox = .maildir/
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = harper.domain.com
mynetworks = 66.1x6.1xx.139/8, 127.0.0.0/8 <-edited the 66 IP
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
thanks,
James
badchien Guru
Joined: 16 Feb 2004 Posts: 415 Location: doghouse
Posted: Wed Dec 07, 2005 5:26 pm
This is wrong:
Code: mynetworks = 66.1x6.1xx.139/8
That range includes every IP from 66.0.0.0 to 66.255.255.255. I know those aren't all yours, because a few of them are mine. You are allowing everyone in that block to relay through your box. Certainly not what you want to do.
What range of IPs SHOULD be allowed to relay? 66.1x6.1xx.135 through 66.1x6.1xx.142? (just a guess..) or something else?
jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Dec 07, 2005 5:33 pm
Just that one IP should be allowed to relay.
jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Dec 07, 2005 5:33 pm
Why is it done with a CIDR network? Can I just remove the /8?
James
badchien Guru
Joined: 16 Feb 2004 Posts: 415 Location: doghouse
Posted: Wed Dec 07, 2005 5:38 pm
Ahh, then you just want this:
Code: mynetworks = 66.1x6.1xx.139/32, 127.0.0.0/8
Why? I guess because you can specify anything from a single host to a huge block, or both, all on one line.
jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Dec 07, 2005 5:43 pm
If I just have
Quote: mynetworks = 66.116.103.139, 127.0.0.0/8
Will that work or do I need to add the /32?
thanks,
James
badchien Guru
Joined: 16 Feb 2004 Posts: 415 Location: doghouse
Posted: Wed Dec 07, 2005 7:14 pm
As far as I know you need the /32
jmarcus Apprentice
Joined: 12 Jun 2004 Posts: 197
Posted: Wed Dec 07, 2005 7:46 pm Post subject: [Solved]
Okay, thanks! I didn't use the /32 in my testing, but I will try it. My logs aren't scrolling, so I feel better.
thanks,
James
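The /8 versus /32 difference discussed in this thread, as an added example that is not part of any poster's message: a Python check that expands each mynetworks entry to the address range it actually trusts. The address 203.0.113.139 is a constructed stand-in for the redacted IP, and the function name and the 256-address threshold are assumptions of this example.

```python
import ipaddress

# Assumed policy for this example: flag any non-loopback entry that
# trusts more than 256 addresses (wider than a /24).
MAX_TRUSTED_ADDRESSES = 256

# Constructed sample values modelled on the thread (documentation address).
BEFORE = "203.0.113.139/8, 127.0.0.0/8"
AFTER = "203.0.113.139/32, 127.0.0.0/8"


def audit_mynetworks(value):
    """Return one finding per entry of a Postfix mynetworks value.

    Only literal IPv4 addresses and CIDR patterns are evaluated; anything
    else (file names, type:table lookups, exclusions) is marked skipped.
    """
    findings = []
    for entry in value.replace(",", " ").split():
        try:
            # strict=False masks off host bits, as a CIDR match does.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append({"entry": entry, "status": "skipped"})
            continue
        written_ip = ipaddress.ip_interface(entry).ip
        findings.append({
            "entry": entry,
            "status": "checked",
            "first": str(net[0]),
            "last": str(net[-1]),
            "addresses": net.num_addresses,
            # A host address with a short prefix usually means the prefix
            # length was a mistake, e.g. x.x.x.139/8.
            "host_bits_set": written_ip != net.network_address,
            "too_broad": (not net.is_loopback
                          and net.num_addresses > MAX_TRUSTED_ADDRESSES),
        })
    return findings


if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        for finding in audit_mynetworks(value):
            print(label, finding)
```

To audit a live server, pass the output of `postconf -h mynetworks` as the argument.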