Re: Postfix in unstable made my system an open spam relay
On Tue, Oct 02, 2001 at 08:35:39AM -0300, Henrique de Moraes Holschuh wrote:
> On Tue, 02 Oct 2001, martin f krafft wrote:
> > also sprach Bruce Perens (on Tue, 02 Oct 2001 01:57:20AM -0700):
> > > WARNING: The postfix snapshot in unstable, when installed, makes my
> > > system into an open relay. It happens here with the default
> > > configuration. I had to fall back to the one in unstable.
> >
> > um, ever considered fixing the configuration? i doubt that the default
> > applies to your system anyway...
>
> Postfix takes quite a lot of pain not to be an open relay by default. If
> Debian's standard debconf'ed Postfix install is forcing it to become an
> open relay, that's grouds for a security grave/critical bug report.
I installed postfix out of unstable today without that symptom at all. All
debconf did was to put sane entries a few of the more obvious configuration
parameters. From /etc/postfix/main.cf:
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in file sample-smtpd.cf.
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
# mynetworks_style = class
# mynetworks_style = subnet
# mynetworks_style = host
So if you're on 192.168.0.1/24 and it relays for another machine on that
network, try reading the config file :-)
Cheers,
Grahame
--
Grahame Bowland <grahame@azale.net>
Reply to: