Gentoo Forums
Postfix relay, I don't want to SPAM
jmarcus
Apprentice

Joined: 12 Jun 2004
Posts: 197

Posted: Wed Dec 07, 2005 4:52 pm    Post subject: Postfix relay, I don't want to SPAM

I have taken the advice of other posts including my own on this issue. I looked at netstat and my logs today, as well as my queues and they all look like I'm an open relay. Could someone please comment on this configuration:

Code:

harper usr # postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
home_mailbox = .maildir/
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = harper.domain.com
mynetworks = 66.1x6.1xx.139/8, 127.0.0.0/8 <-edited the 66 IP
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


thanks,
James
badchien
Guru

Joined: 16 Feb 2004
Posts: 415
Location: doghouse

Posted: Wed Dec 07, 2005 5:26 pm

This is wrong:
Code:
mynetworks = 66.1x6.1xx.139/8

That range includes every IP from 66.0.0.0 to 66.255.255.255. I know those aren't all yours, because a few of them are mine ;) You are allowing everyone in that block to relay through your box. Certainly not what you want to do.

What range of IPs SHOULD be allowed to relay? 66.1x6.1xx.135 through 66.1x6.1xx.142? (just a guess..) or something else?
jmarcus
Apprentice

Joined: 12 Jun 2004
Posts: 197

Posted: Wed Dec 07, 2005 5:33 pm

Just that one IP should be allowed to relay.
jmarcus
Apprentice

Joined: 12 Jun 2004
Posts: 197

Posted: Wed Dec 07, 2005 5:33 pm

Why is it done with a CIDR network? Can I just remove the /8?

James
badchien
Guru

Joined: 16 Feb 2004
Posts: 415
Location: doghouse

Posted: Wed Dec 07, 2005 5:38 pm

Ahh, then you just want this:
Code:
mynetworks = 66.1x6.1xx.139/32, 127.0.0.0/8


Why? I guess because you can specify anything from a single host to a huge block, or both, all on one line.
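Added example, not part of any post in this thread: a small Python audit that expands each mynetworks entry into the address range it actually trusts and flags the /8 mistake discussed above. The address 203.0.113.139 is a constructed stand-in for the redacted 66.x address, and the 256-address threshold and the function name are assumptions of this example.

```python
import ipaddress

# Assumed policy for this example: any non-loopback entry wider than this many
# addresses is reported as too broad. This is not a Postfix setting.
MAX_TRUSTED = 256


def audit_mynetworks(value, max_trusted=MAX_TRUSTED):
    """Expand each entry of a mynetworks value and flag risky ones."""
    findings = []
    for entry in value.replace(",", " ").split():
        # Postfix writes IPv6 entries as [addr]/len; drop the brackets to parse.
        cleaned = entry.replace("[", "").replace("]", "")
        try:
            # strict=False tolerates host bits, e.g. 203.0.113.139/8.
            # This script treats a bare address as a single host.
            net = ipaddress.ip_network(cleaned, strict=False)
        except ValueError:
            # Table or file entries (type:table, /path) are not followed here.
            findings.append({"entry": entry, "error": "not an IP address or CIDR block"})
            continue
        written = ipaddress.ip_interface(cleaned).ip
        findings.append({
            "entry": entry,
            "first": str(net[0]),
            "last": str(net[-1]),
            "size": net.num_addresses,
            # The address written is not the start of the block, so the
            # prefix length probably covers more than was intended.
            "host_bits_set": written != net.network_address,
            "too_broad": not net.is_loopback and net.num_addresses > max_trusted,
        })
    return findings


# Constructed sample values mirroring the thread's "before" and "after" lines.
BEFORE = "203.0.113.139/8, 127.0.0.0/8"
AFTER = "203.0.113.139/32, 127.0.0.0/8"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        for finding in audit_mynetworks(value):
            print(label, finding)
```

On a live host, the value to check can be taken from `postconf -h mynetworks`.
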
jmarcus
Apprentice

Joined: 12 Jun 2004
Posts: 197

Posted: Wed Dec 07, 2005 5:43 pm

If I just have
Quote:
mynetworks = 66.116.103.139, 127.0.0.0/8


Will that work or do I need to add the /32?

thanks,
James
badchien
Guru

Joined: 16 Feb 2004
Posts: 415
Location: doghouse

Posted: Wed Dec 07, 2005 7:14 pm

As far as I know you need the /32
jmarcus
Apprentice

Joined: 12 Jun 2004
Posts: 197

Posted: Wed Dec 07, 2005 7:46 pm    Post subject: [Solved]

Okay, thanks! I didn't use the /32 in my testing, but I will try it. My logs aren't scrolling, so I feel better.

thanks,
James