Security Issue in Mailserver after ISPConfig installation

Discussion in 'Installation/Configuration' started by bogdinator, Oct 26, 2006.

  1. bogdinator

    bogdinator New Member

    Hello folks,
I was going along happily with ISPConfig for half a year, but this morning I received an email from our university network administrator. It states that the server I set up following "The Perfect Setup of ISPConfig for Suse 9.3" has an open mail relay, and asks whether I could please arrange for it to be closed :eek:
I am a bit confused now, as I thought the installation routine was quite well worked out. Is it because we can send emails at the moment without authentication being requested? Any help would be appreciated.

    Thanks!!!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

The howto does not configure your server as an open relay. Please post your main.cf file.
     
  3. bogdinator

    bogdinator New Member

    Here is /etc/postfix/main.cf
    Code:
    
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    #virtual_maps = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = alpheratz.$mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains = 
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports = 
    disable_dns_lookups = no
    relayhost = xxx name of our university server here xxx
    mailbox_command = 
    mailbox_transport = 
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions = 
    smtpd_helo_required = no
    smtpd_helo_restrictions = 
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = xxx domain name of our university department xxx
    smtpd_sasl_local_domain = 
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    #home_mailbox = Maildir/
    
    #virtual_maps = hash:/etc/postfix/virtusertable
    
    #mydestination = /etc/postfix/local-host-names
    
    
Hope it helps you, till.
Thanks in advance for all the effort!
     
  4. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    postconf -d|grep mynetworks
    and
    Code:
    postconf -n|grep mynetworks
    ?
     
  5. bogdinator

    bogdinator New Member

Sorry for the late reply, falko, but our offices were closed during the weekend due to some technical problems. Here are the outputs you wanted to see:
    postconf -d|grep mynetworks
    Code:
    mynetworks = 127.0.0.0/8 149.170.0.0/16
    mynetworks_style = subnet
    parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
    
    and
    postconf -n|grep mynetworks
    Code:
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
    
    Thanks again for all the hard work!
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please change mynetworks from:

    mynetworks = 127.0.0.0/8 149.170.0.0/16

    to:

    mynetworks = 127.0.0.0/8

    Do you have any relay domains defined?
     
  7. bogdinator

    bogdinator New Member

    Hi till,
cheers for the fast reply! I changed the "mynetworks" setting as you said.
I didn't do anything different from the description given in the HOWTO "The Perfect Setup of ISPConfig for Suse 9.3". Hope this gives you the answer you wanted.
Is the open relay issue solved by applying the corrections you've suggested?

    Many thanks!
     
  8. edge

    edge Active Member Moderator

The 149.170.0.0/16 told your network/postfix that anyone with an IP from 149.170.0.1 to 149.170.255.254 was a local user and okay to use your mailserver (about 64770 IPs).

     
    Last edited: Oct 31, 2006
  9. edge

    edge Active Member Moderator

    Not sure about the Suse setup, but it should not be there!

    Maybe do a rootkit scan, to see if you are okay?
    More info @ www.rootkit.nl/
     
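The diagnosis in this thread rests on two things: `postconf -n` shows only what main.cf sets explicitly, while `postconf -d` shows the defaults Postfix falls back to, and with the default `mynetworks_style = subnet` Postfix derives `mynetworks` from the subnets of the host's own interfaces, which on a university-sized network is the whole /16. The following script is an added example, not code from the thread or from ISPConfig; it audits the two `postconf` outputs for exactly these conditions. The sample inputs are constructed from the values posted above, the 256-address threshold is an assumption, and the "fixed" sample additionally swaps the obsolete `check_relay_domains` for its documented replacement `reject_unauth_destination`, which the thread itself does not do.

```python
"""Audit Postfix settings, as printed by `postconf -n` and `postconf -d`,
for the open-relay conditions discussed in the thread.

Added example, not from the thread or ISPConfig. The sample inputs are
constructed from the values the thread reports; the threshold is an assumption.
"""
import ipaddress
import re

# Constructed from the thread: what `postconf -n` printed (explicit main.cf
# settings only; note that mynetworks is absent).
THREAD_POSTCONF_N = """
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
"""

# Constructed from the thread: the relevant lines of `postconf -d` (defaults),
# which is where the 149.170.0.0/16 came from.
THREAD_POSTCONF_D = """
mynetworks = 127.0.0.0/8 149.170.0.0/16
mynetworks_style = subnet
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

# The same server after the fix suggested in the thread, with mynetworks pinned
# explicitly and (assumption) check_relay_domains replaced by its documented
# successor reject_unauth_destination.
FIXED_POSTCONF_N = """
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
"""

# Assumption: trusting more than a /24 worth of addresses deserves review.
MAX_TRUSTED_ADDRESSES = 256

# Either of these stops relaying to destinations we are not responsible for.
RELAY_CONTROLS = {"reject_unauth_destination", "check_relay_domains"}


def parse_postconf(text):
    """Turn 'name = value' lines into a dict (later lines win)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings


def split_list(value):
    """Postfix list values may be separated by commas, whitespace or both."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def trusted_addresses(mynetworks):
    """Count the non-loopback addresses that permit_mynetworks lets relay."""
    total = 0
    for entry in split_list(mynetworks):
        if entry.startswith("!"):  # Postfix negation: not counted here
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostnames and table lookups (hash:/...) are not counted
        if not net.is_loopback:
            total += net.num_addresses
    return total


def audit(postconf_n, postconf_d):
    """Return a list of findings; an empty list means no relay problem found."""
    explicit = parse_postconf(postconf_n)
    effective = parse_postconf(postconf_d)
    effective.update(explicit)  # explicit main.cf settings override defaults
    findings = []

    if "mynetworks" not in explicit and effective.get("mynetworks_style", "subnet") == "subnet":
        findings.append(
            "mynetworks is not set in main.cf; mynetworks_style=subnet derives it "
            "from the interface subnets, which is only safe on a small private LAN"
        )

    count = trusted_addresses(effective.get("mynetworks", "127.0.0.0/8"))
    if count > MAX_TRUSTED_ADDRESSES:
        findings.append(f"mynetworks trusts {count} non-loopback addresses")

    restrictions = split_list(effective.get("smtpd_recipient_restrictions", ""))
    if not RELAY_CONTROLS.intersection(restrictions):
        findings.append("smtpd_recipient_restrictions has no relay control "
                        "(add reject_unauth_destination)")
    elif "check_relay_domains" in restrictions:
        findings.append("check_relay_domains is obsolete; use reject_unauth_destination")

    return findings


if __name__ == "__main__":
    for label, conf in (("thread", THREAD_POSTCONF_N), ("fixed", FIXED_POSTCONF_N)):
        print(f"[{label}]")
        for finding in audit(conf, THREAD_POSTCONF_D) or ["no findings"]:
            print("  -", finding)
```

On a live server, feed it `postconf -n` and `postconf -d` captured to files; the "mynetworks is not set" finding is the one that explains this thread, because nothing in the posted main.cf looked wrong until the default was inspected. Note that an explicit `mynetworks` line only closes the relay for unauthenticated clients; SASL users can still relay, which is intended, so their passwords are the remaining thing to keep strong.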