--Adrian von Bidder <[EMAIL PROTECTED]> wrote
(on Tuesday, 17 September 2002, 02:48 PM +0200):
> On Tue, 2002-09-17 at 14:40, Matthew Weier O'Phinney wrote:
> > complaints. It takes a bit of tuning (non-obvious tuning, as well!) to
> > make postfix not be an open relay, and you'll need to set it up to
>
> Huh!?
>
> I never had any problems setting up postfix. Testing for open relay is
> always one of the first things I do after setting up, and I've never had
> it open so far.
>
> If you feel certain things have to be watched, I'd be glad you publish
> it here, though, perhaps my configurations are just too simple.
There's one setting that's standard in the "main.cf" file that
supposedly turns off the open relay:
relay_domains = *.yourdomain.tld
However, I discovered that even with this set properly, I was still
being used as an open relay -- in testing, I even ssh'd to a server
across the country with which I had set up no trust relationship vis a
vis smtp, and was able to send email via my server to a yahoo account.
What I discovered needed to be set was the following:
smtpd_client_restrictions = permit_mynetworks, reject_unknown_client
and this line needs to occur before the relay_domains setting. After I'd
done so, any connections to my smtp server outside my local network were
denied.
--Matthew
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
