Postfix- open relay. How to configure so it is not?

centos postfix smtp spam
31,209

Solution 1

mynetworks must only contain trusted users that can use the server to relay mails to other domains - otherwise, as you've found, it's an open relay. You might want to set it to 192.168.0.0/16, 10/8 or 172.16.0.0/12 if using RFC 1918 addresses on your internal network.

The settings that control whether people can send mail to your server include mydestination and virtual_mailbox_domains - read the docs here or here.

Solution 2

The problem that opens you up is the 

mynetworks = 0.0.0.0/0

Cause somewhere below you probably have it listed in

smtpd_recipient_restrictions = ... permit_mynetworks ...

If you need to be able to send email from any ip then you just look at enabled a user/password to send email which the common one is sasl

Solution 3

As documented at http://www.postfix.org/postconf.5.html#mynetworks :

mynetworks (default: see "postconf -d" output)
The list of "trusted" remote SMTP clients that have more privileges than "strangers".

In particular, "trusted" SMTP clients are allowed to relay mail through Postfix.
See the smtpd_recipient_restrictions parameter description in the postconf(5) manual.

Share:
31,209

Related videos on Youtube

Lock
Author by

Lock

Updated on September 18, 2022

Comments

  • Lock
    Lock over 1 year

    I have setup Postfix but am having trouble with the setup.

    Whenever I used to send emails to the server, it reject my mails saying 'Relaying Denied', so I changed the following in main.cf:

    mynetworks = 0.0.0.0/0
mynetworks_style = subnet

    I can now send email and it works, but MX tests say that it is an open relay (obviously unintended).

    How can I resolve this? I obviously want anybody to be able to email my domain, but I'm unsure of the configuration.

    I know I can change the mynetworks, but then doesn't this restrict who CAN email to the server?

    • nickgrim
      nickgrim over 11 years
      Are you trying to relay mail through this server, or to deliver mail to this server?
    • adaptr
      adaptr over 11 years
      Makes no difference with respect to this issue, since an open relay is an open relay. Email is not a trivial undertaking.
  • adaptr
    adaptr over 11 years
    mydestination, relay_domains, and virtual_[alias|mailbox]_maps. NOT virtual_[alias|mailbox]_DOMAINS.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Use postfix and spamassassin packages on CentOS 6 to reject SPAM - without custom users and scripts
setting up a relay port for postfix smtp on CentOS 7
CentOS postfix smtp server connection refused from outside
Linux - Postfix - Outgoing emails block on port 25 by ISP
Sending mail from Postfix via Gmail: unable to get local issuer certificate, certificate not trusted, No worthy mechs found
Postfix & TLS is configured correctly, but Thunderbird throws cryptic errors when trying to send email via SMTP & STARTTLS?
Postfix Problem (helo/hostname mismatch)!
Outbound emails not being signed with DKIM using Postfix on Centos
How do I configure PostFix to allow phpmailer to send out email through it?
Postfix: send all bounce messages to postmaster