Results 1 to 4 of 4
I am running a postfix server. When I test open relay through some of the open relay web pages on the internet it reports "No open relay". But, I can ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 09-15-2005 #1
- Join Date
- Jan 2005
Spam, PostFix, OPen Relay question
There is no security in place, like POP-BEFORE-SEND or anything like that. So how can I tell if this thing is open relay or not?
Also, I have people with mail clients like outlook or are able to connect to postfix and send mail to anyone....
I don't get it. It seems like open relay (which I do not want), but, open relay web programs are saying no.... What gives.
- 09-15-2005 #2
You're able to log into your normal user account locally and send mail? How would you manage to send any email if you prevented this from happening?
An open relay forwards email from other computers to other computers - provided your computer isn't passing mail on from just anywhere, but limits access to itself and to any computers on the local lan, then it's not an open relay.
If you friends can log into their account on that computer and send mail normally, then the system is working fine for them.
- 09-15-2005 #3
Originally Posted by Roxoff
- Join Date
- Jan 2005
Is the mail client connecting and sending email regardless of authorization not the same as Open Relay?
- 09-15-2005 #4
How can they connect? If they are using one of the service ports, can you not just close that port down on the external interface?
I'm no expert on Postfix, I use sendmail, with which I've managed to completely lock my system down - the lan users can send email because it is verified by sender domain and machine IP address. Nobody else gets a look in. The only mail route through the firewall is on port 25, which is straight to my email server which only accepts email for my own domain, i.e it rejects relay attempts unless it can verify both the IP address and sender domain. People inside the lan can connect using imap or pop3 (at their own choice), because the server supports both, but there is no route through the firewall from the internet on those ports.