April 9th, 2008


[Geek] Postfix default configuration allows subnet open relay

Not sure who has seen this problem but certainly on Fedora Core 5, postfix in its default configuration allows relaying from all subnets local to the machine, including local internet subnets on your ISP if your machine is connected directly to the internet. This is not necessarily obvious as testing by other sources to see if your machine is an open relay will not reveal this misconfiguration.

I discovered this after Postfix had crashed under the weight of spam a machine on my ISP's local subnet was sending through me.

The fix is to change mynetworks_style from the default of subnet to host. You do use authenticated sending only, right? (check smtpd_recipient_restrictions includes permit_sasl_authenticated and not a lot else).

I debugged this and was up to 2am last night clearing up after the mess.
  • Current Mood
    tired tired
  • Tags