Postfix - How to prevent external clients from using my server as a relay?


Solution 1

Your smtpd_relay_restrictions should prevent anyone from connecting to your server and using it as an open relay for spam.

The value of mynetworks does not determine if others can email you. 127.0.0.0/8 is a correct value; 0.0.0.0/0 is not.

Whether email for your account [email protected] is accepted is determined by the settings that inform Postfix that it should accept email for the example.com domain name, such as mydestination.

Solution 2

The setting of smtpd_relay_restrictions you have is correct, except that you defined your mynetworks wide open (shown below from your main.cf):

mynetworks = 0.0.0.0/0

Just remove mynetworks; the default value should restrict relay access. For example, mine comes out as shown below with the default.

postconf -d |grep mynetworks
mynetworks = 127.0.0.0/8 192.168.1.0/24

You should really test your server to ensure that it is not an open relay. There are a lot of online tools available, e.g.: http://www.mydnstools.info/smtprelay

Ref: http://www.postfix.org/SMTPD_ACCESS_README.html
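Both answers point at the same combination: permit_mynetworks in smtpd_relay_restrictions together with a mynetworks value that covers the whole internet. The following check for that combination is an added example, not part of either answer or of Postfix. The function names and the choice of which ranges count as internal are assumptions, and the sample input is constructed from the main.cf quoted in the question.

```python
import ipaddress

# Constructed sample: the relay-relevant lines of the main.cf quoted in the question.
SAMPLE_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydestination = aviacao.pt, localhost.localdomain, localhost
mynetworks = 0.0.0.0/0
inet_interfaces = all
"""

# Assumption: only loopback, RFC 1918 and IPv6 local ranges count as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def parse_main_cf(text):
    """Parse 'name = value' lines; '#' starts a comment line and a line
    beginning with whitespace continues the previous parameter."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return value.replace(",", " ").split()

def open_relay_findings(text):
    """Return mynetworks entries that would let non-internal clients relay."""
    params = parse_main_cf(text)
    if "permit_mynetworks" not in split_list(params.get("smtpd_relay_restrictions", "")):
        return []
    findings = []
    for entry in split_list(params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # lookup table, file path or "!" exclusion: not checked here
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(entry)
    return findings

if __name__ == "__main__":
    print(open_relay_findings(SAMPLE_MAIN_CF))
```

It only inspects values set in the text it is given, so a parameter left at its compiled-in default is not evaluated; feeding it the output of postconf instead of the file covers that case.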

Author: Luis Cruz

Updated on September 18, 2022

Comments

  • Luis Cruz
    Luis Cruz over 1 year

    I have a postfix server installed on Ubuntu 14.04. A PHP script running on the machine uses it to send outgoing email. Additionally, I use postfix to receive mail sent to a local account, which is then forwarded to my personal gmail.

    However, this means that anyone can connect to my server and use it as an open relay for spam. How can I prevent remote connections from relaying email?

    This is my main.cf:

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = aviacao.pt
    virtual_alias_maps = hash:/etc/postfix/virtual
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = aviacao.pt, localhost.localdomain, localhost
    relayhost = 
    mynetworks = 0.0.0.0/0
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    

    If I change mynetworks to 127.0.0.0/8 then people won't be able to send email to the local account.

    • Jenny D
      Jenny D over 9 years
      Go to postfix.org and look at the Documentation link. If you are putting a mailserver on the internet, you need to actually know how it works, not just follow instructions on a QA site.