
sslug-teknik team mailing list archive

Re: Hvordan stopper jeg et Postfix open relay?

 

On Wednesday 30 April 2003 22:52, you wrote:
> Bjarke Bruun <bbj@xxxxxxxxx> wrote:
> > Jeg sidder med Postfix 1.1.11-114 og har et "open relay" som jeg
> > ikke kan lukke.
>
> Nå, den var ikke god. Postfix er ellers ikke sådan at få til at være
> åbent relæ. Så som Jesper skriver: hvordan tester du?

Jeg bruger ssh til at logge ind på maskinen - den har fast ip. Den har ikke 
noget problem med at blive brugt af kmail (det mail program jeg bruger 
normalt) til at sende fra, fra $mydomain. 
Når jeg så logger ind på en anden maskine, jeg har stående ude i byen, og 
prøver at bruge postfix-serveren som smtp-server, sender den også e-mailen... 
Det vil jeg ikke have - det er med bbj@xxxxxxxxx e-mail adressen jeg tester 
med - det er nemlig ikke det domæne jeg har sat postfix op på.

Det skal lige siges at jeg ikke er "mail"-ekspert - iptables og routing er 
nemmere i mine øjne og ører :-)

> Umiddelbart kunne jeg ikke se noget galt i din konfiguration, men den
> var lidt uoverskuelig. Kan du måske køre "postconf -n" og sende uddata
> derfra i stedet?

Den kommer her
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
alias_database = hash:/etc/aliases,hash:/etc/aliases.d/slots
alias_maps = hash:/etc/aliases,hash:/etc/aliases.d/slots,ldap:ldapaliases
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories = 
always_bcc = 
append_at_myorigin = yes
append_dot_mydomain = yes
best_mx_transport = 
biff = yes
body_checks = 
bounce_notice_recipient = postmaster
bounce_size_limit = 500
broken_sasl_auth_clients = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
content_filter = 
daemon_directory = /usr/lib/postfix
daemon_timeout = 18000s
debug_peer_level = 3
debug_peer_list = 
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 50
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_transports = 
delay_notice_recipient = postmaster
delay_warning_time = 60s
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
error_notice_recipient = postmaster
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG
extract_recipient_limit = 10240
fallback_relay = 
fallback_transport = 
fast_flush_domains = $relay_domains
fast_flush_purge_time = 1m
fast_flush_refresh_time = 12h
fault_injection_code = 0
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension},$home/.forward
hash_queue_depth = 2
hash_queue_names = incoming,active,deferred,bounce,defer,flush
header_checks = 
header_size_limit = 102400
home_mailbox = 
hopcount_limit = 50
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 5
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
line_length_limit = 2048
lmtp_cache_connection = yes
lmtp_connect_timeout = 0s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_lhlo_timeout = 300s
lmtp_mail_timeout = 300s
lmtp_quit_timeout = 300s
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 300s
lmtp_sasl_auth_enable = no
lmtp_sasl_password_maps = 
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_skip_quit_response = no
lmtp_tcp_port = 24
local_command_shell = 
local_destination_concurrency_limit = 10
local_destination_recipient_limit = 1
local_recipient_maps = 
local_transport = local
luser_relay = 
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20020528
mail_spool_directory = /var/mail
mail_version = 1.1.11
mailbox_command = 
mailbox_command_maps = 
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = 
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = $mydomain
masquerade_exceptions = root
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_size_limit = 30000000
minimal_backoff_time = 1000s
mydestination = $mydomain, $myhostname, localhost.$mydomain
mydomain = example.com
myhostname = mail.exapmle.com
mynetworks = 127.0.0.0/8 192.168.10.0/24 !192.168.10.1
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/sbin/sendmail
non_fqdn_reject_code = 504
notify_classes = resource,software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks = 
prepend_delivered_header = command, file, forward
process_id_directory = pid
program_directory = /usr/libexec/postfix
propagate_unmatched_extensions = canonical, virtual
qmgr_fudge_factor = 100
qmgr_message_active_limit = 100
qmgr_message_recipient_limit = 100
qmgr_message_recipient_minimum = 10
qmgr_site_hog_factor = 100
qmqpd_authorized_clients = 
qmqpd_error_delay = 5s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_minfree = 0
queue_run_delay = 1000s
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_canonical_maps = 
recipient_delimiter = +
reject_code = 554
relay_clientcerts = ldap:ldaprelcert
relay_domains = 
relay_domains_reject_code = 554
relayhost = 
relocated_maps = hash:/etc/postfix/relocated
require_home_directory = no
resolve_dequoted_address = yes
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = maildrop
smtp_always_send_ehlo = yes
smtp_bind_address = 
smtp_connect_timeout = 0s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_enforce_tls = no
smtp_helo_timeout = 300s
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = 
smtp_sasl_security_options = noplaintext, noanonymous
smtp_skip_4xx_greeting = yes
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile = 
smtp_tls_CApath = 
smtp_tls_cert_file = 
smtp_tls_cipherlist = 
smtp_tls_dcert_file = 
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site = 
smtp_tls_session_cache_database = 
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = 
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_error_sleep_time = 5s
smtpd_etrn_restrictions = 
smtpd_hard_error_limit = 100
smtpd_helo_required = no
smtpd_helo_restrictions = 
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_noop_commands = 
smtpd_null_access_lookup_key = <>
smtpd_recipient_limit = 1000
smtpd_recipient_restrictions = ldap:ldapmailenab,permit_tls_clientcerts,permit_sasl_authenticated,permit_mynetworks, check_relay_domains
smtpd_restriction_classes = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = 
smtpd_sender_restrictions = ldap:ldapmailenab,permit_tls_clientcerts,permit_sasl_authenticated,permit_mynetworks, check_relay_domains
smtpd_soft_error_limit = 10
smtpd_timeout = 300s
smtpd_tls_CAfile = 
smtpd_tls_CApath = 
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file = 
smtpd_tls_cipherlist = 
smtpd_tls_dcert_file = 
smtpd_tls_dh1024_param_file = 
smtpd_tls_dh512_param_file = 
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database = 
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_daemon_random_source = dev:/dev/urandom
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
verp_delimiter_filter = -=+
virtual_gid_maps = 
virtual_mailbox_base = 
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps = 
virtual_maps = ldap:ldapvuser,hash:/etc/postfix/virtual
virtual_minimum_uid = 100
virtual_uid_maps = 

-- 
Bjarke Bruun - E-mail: bbj@xxxxxxxxx http://b-nss.com
   __   _
  / /  (_)__  __ ____  __
 / /__/ / _ \/ // /\ \/ /  . . .  t h e   c h o i c e   o f   a
/____/_/_//_/\_,_/ /_/\_\              G N U   g e n e r a t i o n . . .


