Hi,
I have some questions regarding Postfix 2.9.6-1.2.1.i586, which comes with openSUSE 12.3.
- /etc/sysconfig has the variable POSTFIX_LISTEN:
# NOTE: If not set, LISTEN on all interfaces
POSTFIX_LISTEN=""
But it listens only on 127.0.0.1:
# netstat -at | grep smtp
tcp 0 0 localhost:smtp *:* LISTEN
Shouldn’t it listen on *:smtp as it is described in sysconfig?
- This is how relay is described:
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
Right after installing, everything looks like it should deny mail which requires relay:
# postconf -d | grep "mydestination\|relay_domains"
fast_flush_domains = $relay_domains
mydestination = $myhostname, localhost.$mydomain, localhost
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
relay_domains = $mydestination
relay_domains_reject_code = 554
But I do a test:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 extsmtp.test.lan ESMTP
HELO extsmtp
250 extsmtp.test.lan
MAIL FROM:<hacker@external.lan>
250 2.1.0 Ok
RCPT TO:<victim@nonexisting.lan>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Spam goes here
.
250 2.0.0 Ok: queued as CCA1F203FC
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
In this test I used nonexisting names, which belong neither to trusted/untrusted nor to $mydestination. Why is it accepting such mail? Why doesn’t it generate a “Relay denied” error?
Thanks for any comments
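
Added example (not part of the original post and not Postfix code): a simplified Python model of the default relay rules quoted from main.cf above, applied to the RCPT TO from the telnet test. It assumes $mynetworks contains 127.0.0.0/8, which the post does not show; the function names relay_decision, is_trusted and domain_matches are hypothetical.

```python
import ipaddress

# Constructed configuration. MYDESTINATION expands the postconf -d default
# using the banner hostname; MYNETWORKS is an assumption (not in the post).
MYNETWORKS = ["127.0.0.0/8"]
MYDESTINATION = ["extsmtp.test.lan", "localhost.test.lan", "localhost"]
RELAY_DOMAINS = MYDESTINATION  # relay_domains = $mydestination


def is_trusted(client_ip):
    """True when the client address falls inside $mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)


def domain_matches(domain, patterns, subdomains=False):
    """Exact match, optionally also matching subdomains of each pattern."""
    domain = domain.lower().rstrip(".")
    return any(domain == p or (subdomains and domain.endswith("." + p))
               for p in patterns)


def relay_decision(client_ip, rcpt):
    """Return (action, reason) for one RCPT TO, following the quoted rules."""
    local, _, domain = rcpt.strip("<>").rpartition("@")
    if is_trusted(client_ip):
        return "permit", "client matches $mynetworks"
    # Untrusted client: user%other@relay, other!user@relay, user@other@relay
    # are sender-specified routing and are never relayed.
    if any(c in local for c in "%!@"):
        return "reject", "sender-specified routing"
    if domain_matches(domain, MYDESTINATION):
        return "permit", "final destination ($mydestination)"
    # relay_domains is listed in parent_domain_matches_subdomains above.
    if domain_matches(domain, RELAY_DOMAINS, subdomains=True):
        return "permit", "destination matches $relay_domains"
    return "reject", "Relay access denied"


if __name__ == "__main__":
    rcpt = "<victim@nonexisting.lan>"
    for client in ("127.0.0.1", "192.0.2.10"):  # loopback vs. remote host
        print(client, rcpt, relay_decision(client, rcpt))
```

On the host itself, `postconf mynetworks` shows the value actually in effect.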