Azekeil (azekeil) wrote,

  • Mood:

[Geek] Postfix default configuration allows subnet open relay

Not sure who has seen this problem but certainly on Fedora Core 5, postfix in its default configuration allows relaying from all subnets local to the machine, including local internet subnets on your ISP if your machine is connected directly to the internet. This is not necessarily obvious as testing by other sources to see if your machine is an open relay will not reveal this misconfiguration.

I discovered this after Postfix had crashed under the weight of spam a machine on my ISP's local subnet was sending through me.

The fix is to change mynetworks_style from the default of subnet to host. You do use authenticated sending only, right? (check smtpd_recipient_restrictions includes permit_sasl_authenticated and not a lot else).

I debugged this and was up to 2am last night clearing up after the mess.
Tags: geek

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.