Re: imap
--Adrian von Bidder <avbidder@fortytwo.ch> wrote
(on Tuesday, 17 September 2002, 02:48 PM +0200):
> On Tue, 2002-09-17 at 14:40, Matthew Weier O'Phinney wrote:
> > complaints. It takes a bit of tuning (non-obvious tuning, as well!) to
> > make postfix not be an open relay, and you'll need to set it up to
>
> Huh!?
>
> I never had any problems setting up postfix. Testing for open relay is
> always one of the first things I do after setting up, and I've never had
> it open so far.
>
> If you feel certain things have to be watched, I'd be glad you publish
> it here, though, perhaps my configurations are just too simple.
There's one setting that's standard in the "main.cf" file that
supposedly turns off the open relay:
relay_domains = *.yourdomain.tld
However, I discovered that even with this set properly, I was still
being used as an open relay -- in testing, I even ssh'd to a server
across the country with which I had set up no trust relationship vis a
vis smtp, and was able to send email via my server to a yahoo account.
What I discovered needed to be set was the following:
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
and this line needs to occur before the relay_domains setting. After I'd
done so, any connections to my smtp server outside my local network were
denied.
--Matthew
Reply to:
- Follow-Ups:
- Re: imap
- From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>
- References:
- imap
- From: "Joyce, Matthew" <MJoyce@ccia.org.au>
- Re: imap
- From: Matthew Weier O'Phinney <weierophinney@griffdog.net>
- Re: imap
- From: Adrian von Bidder <avbidder@fortytwo.ch>