(Slightly) open relay

I've been trying to set postfix up to act as a backup mail server. I tested it using the tools at ordb.org, and it reported that it does not appear to be an open relay. When I checked the logs, however, I found a couple of lines like this:

Feb 28 18:33:38 mail2 postfix/smtp[21592]: 03FA457EED: to=<[email protected]>, relay=smssmtp93.yyy.gov.tw[xxx.29.159.xx], delay=15, status=sent (250 M2006030102441004449 Message accepted for delivery)
Mar  1 13:05:21 mail2 postfix/smtp[2707]: 2B26557EE4: to=<[email protected]>, relay=mail.yyy.com[xxx.114.216.xxx], delay=147106, status=sent (250 2.0.0 k21D5aMO014409 Message accepted for delivery)

When I saw this, I shut down postfix right away, but I can't see how this is happening. Here's my config:

main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
inet_interfaces = all
relay_domains = hash:/etc/postfix/relays
transport_maps = hash:/etc/postfix/transport
smtpd_recipient_restrictions = check_relay_domains

relays:

my.domain.tld OK

transport:

my.domain.tld smtp:mail.my.domain.tld

Can anyone see the problem?

3 Replies

I don't use Postfix, but you might check to see where the messages say they're from. It might be accepting and forwarding mail that looks like it's from a [email protected] and is to [email protected].

@stocksy:

I've been trying to set postfix up to act as a backup mail server. I tested it using the tools at ordb.org, and it reported that it does not appear to be an open relay. When I checked the logs, however, I found a couple of lines like this:

Feb 28 18:33:38 mail2 postfix/smtp[21592]: 03FA457EED: to=<[email protected]>, relay=smssmtp93.yyy.gov.tw[xxx.29.159.xx], delay=15, status=sent (250 M2006030102441004449 Message accepted for delivery)
Mar  1 13:05:21 mail2 postfix/smtp[2707]: 2B26557EE4: to=<[email protected]>, relay=mail.yyy.com[xxx.114.216.xxx], delay=147106, status=sent (250 2.0.0 k21D5aMO014409 Message accepted for delivery)

Those are two different outgoing messages. How about posting the full transaction, incoming and outgoing?

I'm not a postfix expert, but it looks like you're accepting email from anybody who claims to be from your my.domain.tld with no verification that they're coming from a trusted host. I have

mynetworks = 192.168.0.0/16,127.0.0.0/8
smtpd_recipient_restrictions =
      reject_invalid_hostname,
      reject_non_fqdn_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unknown_sender_domain,
      reject_unauth_pipelining,
      permit_mynetworks,
      reject_unauth_destination,
      reject_rbl_client sbl-xbl.spamhaus.org,
      reject_rbl_client relays.ordb.org,
      reject_rbl_client list.dsbl.org,
      reject_rbl_client korea.services.net,
      permit

Thanks for your replies. ptomblin, you were right in saying that I needed to examine the whole transaction.

Mar 10 06:45:09 mail2 postfix/smtpd[27979]: connect from unknown[xxx.xxx.202.132]
Mar 10 06:45:10 mail2 postfix/smtpd[27979]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Mar 10 06:45:10 mail2 postfix/smtpd[27979]: warning: restriction `reject_unauth_destination' after `check_relay_domains' is ignored
Mar 10 06:45:10 mail2 postfix/smtpd[27979]: E3BF157EA1: client=unknown[xxx.xxx.202.132]
Mar 10 06:45:11 mail2 postfix/cleanup[27983]: E3BF157EA1: message-id=<[email protected]>
Mar 10 06:45:11 mail2 postfix/qmgr[21151]: E3BF157EA1: from=<[email protected]>, size=3451, nrcpt=1 (queue active)
Mar 10 06:45:12 mail2 postfix/smtpd[27979]: disconnect from unknown[xxx.xxx.202.132]
Mar 10 06:45:13 mail2 postfix/smtp[27984]: E3BF157EA1: to=<[email protected]>, relay=mail.toastputer.net[69.93.127.12], delay=3, status=bounced (host mail.toastputer.net[69.93.127.12] said: 550 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command))
Mar 10 06:45:13 mail2 postfix/cleanup[27983]: E1B5A57ED7: message-id=<[email protected]>
Mar 10 06:45:13 mail2 postfix/qmgr[21151]: E3BF157EA1: removed
Mar 10 06:45:13 mail2 postfix/qmgr[21151]: E1B5A57ED7: from=<>, size=5454, nrcpt=1 (queue active)
Mar 10 06:45:28 mail2 postfix/smtp[27984]: E1B5A57ED7: to=<[email protected]>, relay=mailgw1.xxxxxx.or.jp[xxx.xxx.106.55], delay=15, status=sent (250 ok 1141973167 qp 27149)
Mar 10 06:45:28 mail2 postfix/qmgr[21151]: E1B5A57ED7: removed

Like a moron, I was just grepping the log for 'status=sent' where the recipient was not one of my domains. I was failing to account for bounce messages. I guess I need to read up on reducing backscatter!
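The distinction the last post arrives at (a delivery with a null sender is a bounce we generated, not a relayed message) can be checked mechanically by joining the qmgr "from=" line and the smtp "to=" line on the queue ID. This is an added example, not code from the thread; the log lines are constructed to mirror the transaction above, the queue IDs and addresses are placeholders, and my.domain.tld is assumed to be the only relay domain.

```python
import re

# Constructed log excerpt modelled on the thread's transaction (not the poster's
# real log): a foreign client sends to a non-existent user in the relayed domain,
# the downstream MX rejects it, and Postfix emits a bounce (from=<>) to the
# claimed sender. The last two lines are a genuinely relayed message.
SAMPLE_LOG = """\
Mar 10 06:45:11 mail2 postfix/qmgr[21151]: E3BF157EA1: from=<forged@example.net>, size=3451, nrcpt=1 (queue active)
Mar 10 06:45:13 mail2 postfix/smtp[27984]: E3BF157EA1: to=<nouser@my.domain.tld>, relay=mail.my.domain.tld[198.51.100.5], delay=3, status=bounced (host said: 550 User unknown)
Mar 10 06:45:13 mail2 postfix/qmgr[21151]: E1B5A57ED7: from=<>, size=5454, nrcpt=1 (queue active)
Mar 10 06:45:28 mail2 postfix/smtp[27984]: E1B5A57ED7: to=<forged@example.net>, relay=mx.example.net[203.0.113.9], delay=15, status=sent (250 ok)
Mar 10 06:50:02 mail2 postfix/qmgr[21151]: F0F0F0F0F0: from=<partner@example.com>, size=1200, nrcpt=1 (queue active)
Mar 10 06:50:03 mail2 postfix/smtp[27985]: F0F0F0F0F0: to=<alice@my.domain.tld>, relay=mail.my.domain.tld[198.51.100.5], delay=1, status=sent (250 ok)
Mar 10 07:01:02 mail2 postfix/qmgr[21151]: A1B2C3D4E5: from=<someone@my.domain.tld>, size=900, nrcpt=1 (queue active)
Mar 10 07:01:04 mail2 postfix/smtp[27990]: A1B2C3D4E5: to=<victim@example.org>, relay=mx.example.org[203.0.113.20], delay=2, status=sent (250 ok)
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, .*status=(?P<status>\w+)")

def classify_deliveries(log_text, relay_domains):
    """Return {(queue_id, recipient): label} for every delivery with status=sent.
    'inbound' = delivered into a domain we relay for (expected);
    'bounce'  = null sender, i.e. backscatter we generated (not relaying);
    'RELAYED' = non-null sender delivered to a foreign domain, the only
                case that actually indicates open relaying."""
    senders = {}
    deliveries = {}
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            senders[m["qid"]] = m["sender"]
            continue
        m = TO_RE.search(line)
        if m and m["status"] == "sent":
            deliveries.setdefault(m["qid"], []).append(m["rcpt"])
    result = {}
    for qid, rcpts in deliveries.items():
        sender = senders.get(qid, "")
        for rcpt in rcpts:
            domain = rcpt.rsplit("@", 1)[-1].lower()
            if domain in relay_domains:
                label = "inbound"
            elif sender == "":
                label = "bounce"
            else:
                label = "RELAYED"
            result[(qid, rcpt)] = label
    return result
```

Only the "RELAYED" label is evidence of relaying; the "bounce" entries are what a plain grep for status=sent to foreign domains picks up, and are a backscatter problem rather than an open-relay one.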
