
Re: Postfix in unstable made my system an open spam relay



On Tue, Oct 02, 2001 at 08:35:39AM -0300, Henrique de Moraes Holschuh wrote:
> On Tue, 02 Oct 2001, martin f krafft wrote:
> > also sprach Bruce Perens (on Tue, 02 Oct 2001 01:57:20AM -0700):
> > > WARNING: The postfix snapshot in unstable, when installed, makes my
> > > system into an open relay. It happens here with the default
> > > configuration. I had to fall back to the one in unstable.
> > 
> > um, ever considered fixing the configuration? i doubt that the default
> > applies to your system anyway...
> 
> Postfix takes quite a lot of pain not to be an open relay by default. If
> Debian's standard debconf'ed Postfix install is forcing it to become an
> open relay, that's grounds for a security grave/critical bug report.

I installed postfix out of unstable today without that symptom at all. All 
debconf did was to put sane entries in a few of the more obvious configuration
parameters. From /etc/postfix/main.cf:

    # TRUST AND RELAY CONTROL
    
    # The mynetworks parameter specifies the list of "trusted" SMTP
    # clients that have more privileges than "strangers".
    #
    # In particular, "trusted" SMTP clients are allowed to relay mail
    # through Postfix.  See the smtpd_recipient_restrictions parameter
    # in file sample-smtpd.cf.
    #
    # You can specify the list of "trusted" network addresses by hand
    # or you can let Postfix do it for you (which is the default).
    #
    # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
    # clients in the same IP subnetworks as the local machine.
    # On Linux, this does works correctly only with interfaces specified
    # with the "ifconfig" command.
    # 
    # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
    # clients in the same IP class A/B/C networks as the local machine.
    # Don't do this with a dialup site - it would cause Postfix to "trust"
    # your entire provider's network.  Instead, specify an explicit
    # mynetworks list by hand, as described below.
    #  
    # Specify "mynetworks_style = host" when Postfix should "trust"
    # only the local machine.
    # 
    # mynetworks_style = class
    # mynetworks_style = subnet
    # mynetworks_style = host

So if you're on 192.168.0.1/24 and it relays for another machine on that 
network, try reading the config file :-)

Cheers,
Grahame

-- 
Grahame Bowland <grahame@azale.net>
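
Added example, not part of the original message or of Postfix's own code: a small Python model of the three `mynetworks_style` settings described in the quoted main.cf comments, useful for checking which clients a given interface address would cause Postfix to trust for relaying. The function names, the interface addresses, and the inclusion of the loopback network in every style are assumptions made for illustration.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # assumed trusted in every style


def classful_network(addr):
    """Return the historical class A/B/C network that contains addr."""
    first_octet = addr.packed[0]
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E and has no classful network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def trusted_networks(interfaces, style):
    """Model the trusted networks for a list of 'address/prefix' interfaces.

    style is one of 'host', 'subnet' or 'class', as in the main.cf comments.
    """
    nets = {LOOPBACK}
    for spec in interfaces:
        iface = ipaddress.ip_interface(spec)
        if style == "host":
            nets.add(ipaddress.ip_network(f"{iface.ip}/32"))  # local machine only
        elif style == "subnet":
            nets.add(iface.network)                           # directly attached subnet
        elif style == "class":
            nets.add(classful_network(iface.ip))              # whole class A/B/C network
        else:
            raise ValueError(f"unknown mynetworks_style: {style}")
    return sorted(nets)


def is_trusted(client, interfaces, style):
    """True if client would be treated as a 'trusted' (relay-allowed) SMTP client."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in trusted_networks(interfaces, style))


if __name__ == "__main__":
    # Constructed sample interfaces: a LAN host and a dialup-style point-to-point link.
    for iface in ("192.168.0.1/24", "10.45.3.7/30"):
        for style in ("host", "subnet", "class"):
            nets = ", ".join(str(n) for n in trusted_networks([iface], style))
            print(f"{iface:16} {style:7} -> {nets}")
```

On a real system, `postconf mynetworks` shows the value Postfix actually computed, which is the figure to compare against.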


