Azekeil (azekeil) wrote,
Azekeil
azekeil
  • Mood: tired

[Geek] Postfix default configuration allows subnet open relay

Not sure who has seen this problem but certainly on Fedora Core 5, postfix in its default configuration allows relaying from all subnets local to the machine, including local internet subnets on your ISP if your machine is connected directly to the internet. This is not necessarily obvious as testing by other sources to see if your machine is an open relay will not reveal this misconfiguration.

I discovered this after Postfix had crashed under the weight of spam a machine on my ISP's local subnet was sending through me.

The fix is to change mynetworks_style from the default of subnet to host. You do use authenticated sending only, right? (check smtpd_recipient_restrictions includes permit_sasl_authenticated and not a lot else).

I debugged this and was up to 2am last night clearing up after the mess.
Tags: geek
Subscribe

  • An update from Bolton

    First, hello to all the people I've just added in this neck of the woods! Nice to meet and get to know you all a little :) Second, I'm staying here…

  • Ugh.

    Life has been really busy of late. Well, really busy and really.. not busy. Ugh, I'll try and explain. Work has been really busy, pushing me to the…

  • Roundup

    No update for a while as I've basically been busy at work. Haven't done much else - just quietly enjoyed time to myself or gentle socialising :)…

  • Post a new comment

    Error

    switch
    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
    Help
  • 18 comments

  • An update from Bolton

    First, hello to all the people I've just added in this neck of the woods! Nice to meet and get to know you all a little :) Second, I'm staying here…

  • Ugh.

    Life has been really busy of late. Well, really busy and really.. not busy. Ugh, I'll try and explain. Work has been really busy, pushing me to the…

  • Roundup

    No update for a while as I've basically been busy at work. Haven't done much else - just quietly enjoyed time to myself or gentle socialising :)…