[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Postfix is spammer-friendly by default on potato and woody

On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote:
> Hi
> When i was looking trough my logs tody i found that my host had been
> used
> as a relay host... I changed from sendmail to postfix because everyone
> told
> me that postfix was more secure.
> When looking at the default configurationfiles installed by debian there
> was
> nothing that prevents unauthorized users to send mail to anyone.

did you run a test to see if this was really the case?  such as telnet mail-abuse.org

i have run such a test on a default potato postfix setup and it passed
all those tests, is there some other relay method that it does not

> By adding this line to main.cf you can make sure that only your host can
> send mail to users outside your system:
> smtpd_sender_restrictions = check_relay_domains,

from the smtpd man page:

              Restrict  what sender addresses are allowed in MAIL
              FROM commands.

it is true that postfix does not tend to care what you put in a FROM
but that does not mean it allows relay (just watch the mail-abuse.org

what postfix does is check to see whether the TO address is local, and
if not it checks whether the connecting user is within the allowed
relay domain (which is by default only the domain of the mailhost) if
not it refuses the message.  

> reject_unknown_sender_domain

didn't find this one.. (didnt search through all the man pages)

> Is this someting that should be added by default?? I think so....

no MTA should ever be a open relay much less by default, but from my
testing postfix is not.  are you sure your using the debian current
packages and not some old ones?  there was an old broken version of
postfix way back when that was a open relay, it was a bug long ago
fixed.  (its in the FAQ) 

but then i could be missing something, im tired ;-)  

Ethan Benson

Attachment: pgpZ9Q5ZiI5nb.pgp
Description: PGP signature

Reply to: