I have ISPConfig set up according to http://www.howtoforge.com/perfect_setup_fedora_core_5 and ran into a problem I never noticed before. It seems that postfix is relaying email without requiring authentication. As far as I can tell, I have followed the Howto and everything else seems to work perfectly. Can someone please suggest how to lock down Postfix or what I should check to see what might be wrong?
I should also mention that I have installed ASSP spam filtering although I don't know if that would make a difference, which means it probably does.
If you followed the perfect setup guide, your server is not relaying mail. Please post the content of the main.cf file and the log lines from your mail.log that makes you thing that the setup relays mail.
Thanks for replying Till! It has been a long time since I have been around! That means things have been going too smoothly with ISPConfig. The damn thing just keeps working like it should! And, it turned out to be a problem unrelated to ISPConfig. I made some changes to the ASSP configuration and it started working as I would have expected. I didn't go based on logs though, what I did instead was ran about 40 different "open relay" exploits against it. I sent mail from my local mail client from accounts that shouldn't have been able to relay and checked for receipt on another of my addresses served by a separate server. Previous to the changes I made to the ASSP config, about 5 of the 40 mails got through. Now though, none of them do. The main change I made was at the ASSP admin panel under "Relaying", I unchecked "Skip Local Domain Check". The note underneath that reads, "Do not check relaying based on localDomains. Let the mailserver do it." So, what I am guessing is that Postfix is seeing mail coming from ASSP as coming from a local domain and so accepting it automatically? Or, am I not understanding it correctly? In any event, it's working well now so the questions are mainly academic at this point. By they way, I haven't paid the subscription all this time because of the support from this forum, although the support here is GREAT, I pay it each 6 months since I started using ISPConfig just because ISPConfig is worth so much more.
I guess you have 127.0.0.0/8 in mynetworks in /etc/postfix/main.cf. That means that any application that is on the same server can send without authentication.
Exactly. But, I'm not sure that my "fix" didn't cause other problems as well now. Is there a a "right" way to set up ASSP to work with an ISPConfig install with PostFix?
