Re: internal open relay, but 'relaying denied'

From: mouss (moussnetoyen.net)
Date: Fri Dec 05 2008 - 10:50:08 CST


Alessandro Ballestriero wrote:
> Mattias Berge wrote:
>> Hi,
>>
>> I want to configure a local open relay, no authentication etc.
>> I get "Relaying denied" from the local networks in mynetwork.
>>
>> Can anyone help me by telling me what I am missing?
>>
>> Dec 5 15:06:12 smtp postfix/smtpd[10374]: connect from unknown[10.47.17.193]
>> Dec 5 15:06:12 smtp postfix/smtpd[10374]: NOQUEUE: reject: RCPT from unknown[10.47.17.193]: 554 5.7.1 <destuser.com>: Relay access denied; from=<srcuser.com> to=<destuser.com> proto=ESMTP helo=<[10.47.17.193]>
>> Dec 5 15:06:12 smtp postfix/smtpd[10374]: disconnect from unknown[10.47.17.193]
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> inet_interfaces = all
>> local_recipient_maps =
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination = relay.myhost.se, localhost
>> myhostname = relay.myhost.se
>> mynetworks = 127.0.0.0/8, 10.57.17.0/24, 192.168.100.0/24, 1.2.3.4/32
>> recipient_delimiter = +
>> relay_domains =
>> relay_recipient_maps =
>> relayhost =
>> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
>> smtpd_banner = $myhostname ESMTP $mail_name
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
>> smtpd_use_tls = yes
>>
>>
>> --
>> Mattias Berge
> Hi, try adding in main.cf
>
> smtpd_recipient_restrictions = permit_mynetworks, permit

This is equivalent to
smtpd_recipient_restrictions = permit
and both don't work because postfix prevents you from shooting yourself
(hint: open relay).

and anyway, 10.47.17.193 is not in mynetworks.

>
> Save and restart postfix
>
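
Added example, not part of the original thread: a small Python audit that reproduces both points of the reply, namely that the rejected client lies outside `mynetworks` and that the proposed `smtpd_recipient_restrictions` contains no relay-blocking restriction. The function names are hypothetical, the sample config and log are constructed from the values quoted above, and only literal CIDR entries in `mynetworks` are handled (no table lookups or `!` exclusions).

```python
import ipaddress
import re

# Constructed sample input, built from the values quoted in the thread.
MAIN_CF = """\
mynetworks = 127.0.0.0/8, 10.57.17.0/24, 192.168.100.0/24, 1.2.3.4/32
smtpd_recipient_restrictions = permit_mynetworks, permit
"""
MAILLOG = """\
Dec 5 15:06:12 smtp postfix/smtpd[10374]: connect from unknown[10.47.17.193]
Dec 5 15:06:12 smtp postfix/smtpd[10374]: NOQUEUE: reject: RCPT from unknown[10.47.17.193]: 554 5.7.1 <destuser.com>: Relay access denied; from=<srcuser.com> to=<destuser.com> proto=ESMTP helo=<[10.47.17.193]>
"""

# Restrictions that stop unauthorized relaying; Postfix wants at least one
# of these in smtpd_recipient_restrictions.
RELAY_GUARDS = {"reject", "defer", "defer_if_permit",
                "reject_unauth_destination", "check_relay_domains"}

def parse_main_cf(text):
    """Return {parameter: [values]} for simple one-line 'name = a, b' entries."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = [v for v in re.split(r"[,\s]+", value.strip()) if v]
    return params

def relay_denied_clients(log_text):
    """Client IPs that received 'Relay access denied' in smtpd log lines."""
    pat = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 554 .*Relay access denied")
    return sorted({m.group(1) for m in pat.finditer(log_text)})

def audit(main_cf, log_text):
    """Check each relay rejection against mynetworks and the restriction list."""
    params = parse_main_cf(main_cf)
    nets = [ipaddress.ip_network(n, strict=False) for n in params.get("mynetworks", [])]
    outside = [ip for ip in relay_denied_clients(log_text)
               if not any(ipaddress.ip_address(ip) in n for n in nets)]
    restrictions = params.get("smtpd_recipient_restrictions", [])
    has_guard = bool(RELAY_GUARDS & set(restrictions))
    return {"outside_mynetworks": outside, "has_relay_guard": has_guard}

if __name__ == "__main__":
    print(audit(MAIN_CF, MAILLOG))
```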