Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Find the answer to your Linux question:
New to Linux Forums? Register here for free!
    Linux Forums > GNU Linux Zone > Servers > Postfix Open Relay Issue

Forgot Password?
 Servers   Anything server related, Apache, MySQL, Samba, server security, sendmail, exim, etc

Site Navigation
Linux Articles
Linux Forums
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds


Linux Forum Topics
Linux Forums
Your Distro
Linux Resources
GNU Linux Zone
The Community
Reply
 
Thread Tools Display Modes
Old 4 Weeks Ago   #1 (permalink)
Just Joined!
 
Join Date: Feb 2005
Posts: 2
Postfix Open Relay Issue

Good day,

My postfix email server has been listed by dsnbl.njabl.org as an open relay, but I'm not sure why. I tested the server from another site, and it passes every test.

My main.cf is setup with the following:

header_checks = regexp:/etc/postfix/maps/header_checks
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
body_checks = regexp:/etc/postfix/maps/body_checks

resolve_dequoted_address = yes
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/dsn_exceptions,
reject_rhsbl_sender rhsbl.ahbl.org,
reject_rhsbl_sender hash:/etc/postfix/access

smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/dsn_exceptions,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
check_sender_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/dsn_exceptions,
reject_rbl_client relays.mail-abuse.org
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client cn.rbl.cluecentral.net,
reject_rbl_client

Is there something obvious that I'm missing here?

Thanks for your help -
severian23 is offline  


Reply With Quote
Old 4 Weeks Ago   #2 (permalink)
Linux Engineer
 
jledhead's Avatar
 
Join Date: Oct 2004
Location: North Carolina
Posts: 1,032
did you look here
njabl.org

as my first line of defense I always send an email with telnet
Send Email via Telnet
and use bogus to's and from's so I can test for myself.

So the question is, can you connect to your mail server and not authenticate, and send an email?
jledhead is offline   Reply With Quote
Old 4 Weeks Ago   #3 (permalink)
Just Joined!
 
Join Date: Feb 2005
Posts: 2
Test results

According to njabl.org, their test was the following:

______________________________________
From postmaster@myemailserver.com Sat Oct 17 05:32:25 2009
Return-Path: <postmaster@myemailserver.com>
Received: from mail.myemailserver.com (mail.myemailserver.com [71.16.6.6])
by rt.njabl.org (8.13.1/8.13.1) with ESMTP id n9H9WJJt022844
for <relaytest@rr.njabl.org>; Sat, 17 Oct 2009 05:32:19 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.myemailserver.com (Postfix) with ESMTP id B229611B8534
for <relaytest@rr.njabl.org>; Sat, 17 Oct 2009 05:32:19 -0400 (EDT)
X-Virus-Scanned: amavisd-new at myemailserver.com
Received: from mail.myemailserver.com ([127.0.0.1])
by localhost (plq139.myemailserver.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id qo1fYAx8Ijq4 for <relaytest@rr.njabl.org>;
Sat, 17 Oct 2009 05:32:14 -0400 (EDT)
Received: from rt.njabl.org (unknown [69.28.95.130])
by mail.myemailserver.com (Postfix) with ESMTP id DCF3411B8530
for <relaytest@rr.njabl.org>; Sat, 17 Oct 2009 05:32:13 -0400 (EDT)
X-RT-Subject: relaytest: 71.16.6.6
X-RT-From: postmaster@myemailserver.com
X-RT-To: relaytest@rr.njabl.org
From: relaytestsend@rt.njabl.org
To: relaytest@rr.njabl.org
Message-id: <1255771933.22518.0@rt.njabl.org>
Subject: relaytest: 71.16.6.6
Date: Sat, 17 Oct 2009 05:32:13 -0400 (EDT)

______________________________________

So it looks like they said they were "postmaster@myemailserver.com", and my postfix was okay with that, even though the server they connected from was not myemailserver.com.... How would I adjust my config for that?
severian23 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Free Magazines
Run Your Own Web Server Using Linux & Apache - Free 191 Page Preview
Learn about everything you'll need to build and maintain your Linux servers, and to deploy Web applications to them.
subscribe
Open Source Security Myths Dispelled
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization
subscribe
InformationWeek
InformationWeek is the only newsweekly you'll need to stay on top of the latest developments in information technology.
subscribe



All times are GMT. The time now is 12:44 PM.






© 2000 - 2009 - All Rights Reserved - Property of  MAS Media

Content Relevant URLs by vBSEO 3.3.0 RC2