[Geek] Postfix default configuration allows subnet open relay: azekeil

[Geek] Postfix default configuration allows subnet open relay

Not sure who has seen this problem but certainly on Fedora Core 5, postfix in its default configuration allows relaying from all subnets local to the machine, including local internet subnets on your ISP if your machine is connected directly to the internet. This is not necessarily obvious as testing by other sources to see if your machine is an open relay will not reveal this misconfiguration.

I discovered this after Postfix had crashed under the weight of spam a machine on my ISP's local subnet was sending through me.

The fix is to change mynetworks_style from the default of subnet to host. You do use authenticated sending only, right? (check smtpd_recipient_restrictions includes permit_sasl_authenticated and not a lot else).

I debugged this and was up to 2am last night clearing up after the mess.

Tags: geek

Post a new comment
Error
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

When you submit the form an invisible reCAPTCHA check will be performed.
You must follow the Privacy Policy and Google Terms of use.

Preview comment

Help
19 comments

Post a new comment
19 comments

Log in

[Geek] Postfix default configuration allows subnet open relay

Error