Re: Question about open relay

From: Jason Williams (jwilliamscourtesymortgage.com)
Date: Wed Oct 01 2003 - 18:57:22 CDT


Thanks for your input...

Here is the output of my postconf -n:

alias_database = hash:/etc/postfix/maps/aliases
alias_maps = hash:/etc/postfix/maps/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/maps/header_checks
inet_interfaces = all
local_recipient_maps =
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 20000000
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = xxxxxxx.com
myhostname = blowfish.xxxxxx.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
queue_minfree = 8000000
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_destination_concurrency_limit = 5
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions =
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, reject_invalid_hostname,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_unauth_pipelining,
    check_recipient_access hash:/etc/postfix/maps/access,
    reject_rbl_client relays.ordb.org, reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org, permit
transport_maps = hash:/etc/postfix/maps/transport
unknown_local_recipient_reject_code = 450

I did a test at the following web site:

http://spamlart.homeunix.org/

And it came back clean. However, I'm sure there is more I can do to make
sure I do not have an open relay.
Thanks for everyone's input.

Cheers,

Jason

At 01:55 AM 10/2/2003 +0200, you wrote:
>On Wed, Oct 01, 2003 at 04:46:55PM -0700,
> Jason Williams <jwilliamscourtesymortgage.com> wrote:
>
> > I have a question regarding open relays. I know what they are and why
> > they are very important.
>
>Yes, their non-existence is very important :-)
>
> > But what I wanted to know is, what measures can I take on my end to
> > ensure that my postfix Mail Gateway is not an open relay?
>
>Don't screw up the configuration. More seriously, make sure you
>understand the way Postfix' restrictions work. Postfix is safe with
>the default configuration, so don't fiddle around without a reason.
>
> > I've been reading over the documentation on the postfix.org web site right
> > now, but I was hoping to get some insight on some extra added layers
> > of security I could use to ensure that my server is configured
> > correctly and is not an open relay.
>
>Post "postconf -n" to the list and we can take a look. Even if it isn't
>an open relay, you can probably get some good feedback and learn a thing
>or two.
>
>--
>Magnus Bäck
>magnusdsek.lth.se
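
An added example, not part of either message above: a Python check over `postconf -n` output that walks `smtpd_recipient_restrictions` in evaluation order and reports anything that can permit mail before `reject_unauth_destination` is reached. The names `parse_postconf`, `relay_findings` and `SAMPLE` are hypothetical; it assumes only `smtpd_recipient_restrictions` and IPv4 `mynetworks` entries matter, so `smtpd_relay_restrictions` (Postfix 2.10 and later) is not examined.

```python
import ipaddress
import re

# Constructed sample: the relay-relevant settings from the posted config, shortened.
SAMPLE = """\
mynetworks = 192.168.0.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, reject_invalid_hostname,
check_recipient_access hash:/etc/postfix/maps/access, permit
"""

SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated", "permit_auth_destination"}
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_postconf(text):
    """Return {name: value}; a line without 'name =' continues the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            name = m.group(1)
            params[name] = m.group(2).strip()
        elif name and line.strip():
            params[name] += " " + line.strip()  # mail-wrapped or indented continuation
    return params

def relay_findings(params):
    """List reasons this configuration could relay for untrusted clients."""
    findings = []
    if "smtpd_recipient_restrictions" in params:  # absent: the Postfix default applies
        guarded = False
        for tok in re.split(r"[,\s]+", params["smtpd_recipient_restrictions"]):
            if tok in RELAY_GUARDS:
                guarded = True  # everything after this point only sees local/relay mail
                break
            if tok == "permit" or (tok.startswith("permit_") and tok not in SAFE_PERMITS):
                findings.append(f"{tok} is evaluated before any relay guard")
            elif re.fullmatch(r"check_\w+_access", tok):
                findings.append(f"{tok} table can return OK before any relay guard")
        if not guarded:
            findings.append("no reject_unauth_destination (or reject/defer) present")
    for entry in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # table lookups, file paths and empty entries are not checked
        if net.version == 4 and not any(net.subnet_of(i) for i in INTERNAL):
            findings.append(f"mynetworks entry {entry} is outside private/loopback space")
    return findings
```

Feed it the real output with `relay_findings(parse_postconf(open("postconf.txt").read()))`; an empty list means no ordering problem was found, not that the server has been tested from outside.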