#1

Robo wrote:
> Hi,
>
> We're currently still configuring our Postfix server, but can't work out
> the logic of why it's acting like an open relay. We sent an email from
> and to a foreign server, and Postfix is delivering it, we thought the
> default Postfix rule would reject mails with a foreign RCPT TO address.
>
> Postfix's main.cf is as follows:
>
> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
>
> # appending .domain is the MUA's job.
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
>
> myhostname = localhost
> #alias_maps = hash:/etc/aliases
> #alias_database = hash:/etc/aliases
> #myorigin = /etc/mailname
> myorigin = $myhostname
> mydestination = localhost
> relayhost =
> mynetworks = 127.0.0.0/8
> #mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = all
> virtual_mailbox_domains = /etc/postfix/vhosts.txt
> virtual_mailbox_base = /var/spool/vmail
> virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
> virtual_uid_maps = static:110
> virtual_gid_maps = static:111
> virtual_alias_maps = hash:/etc/postfix/valias.txt
>
> Here's the log that shows it relaying an email from and to another
> unrelated domain:
>
> Apr 2 05:41:47 postfix/smtpd[25999]: connect from [IP ADDRESS]
> Apr 2 05:41:48 postfix/smtpd[25999]: 274D41957B1D: client=[IP ADDRESS]
> Apr 2 05:41:48 postfix/pickup[25965]: 834F61957B1E: uid=0 from=<robo@foreign-domain.com>
> Apr 2 05:41:48 postfix/cleanup[26002]: 834F61957B1E: message-id=<442FC68B.8090601@foreign-domain.com>
> Apr 2 05:41:48 postfix/qmgr[25966]: 834F61957B1E: from=<robo@foreign-domain.com>, size=640, nrcpt=1 (queue active)
> Apr 2 05:41:48 postfix/smtpd[25999]: disconnect from [IP ADDRESS]
> Apr 2 05:41:49 postfix/smtp[26004]: 834F61957B1E: to=<robo@foreign-domain.com>, relay=foreign-domain.com[DOMAIN IP], delay=1, status=sent (250 OK id=1FQ1tv-0003Oj-3H)
> Apr 2 05:41:49 postfix/qmgr[25966]: 834F61957B1E: removed
>
> And the test result from abuse.net:
>
> <<< 220 localhost ESMTP Postfix (Debian/GNU)
> >>> HELO www.abuse.net
> <<< 250 localhost
> Relay test 1
> >>> RSET
> <<< 250 Ok
> >>> MAIL FROM:<spamtest@abuse.net>
> <<< 250 Ok
> >>> RCPT TO:<securitytest@abuse.net>
> <<< 250 Ok
> Relay test result
> Hmmn, at first glance, host appeared to accept a message for relay.
>
> The config seems pretty default, so don't see why Postfix would be
> relaying emails. One of the odd things is our domains setup, don't know
> if this would affect things.
>
> Main domain is hosted on separate server (server A).
>
> DNS for this domain configured with A record for subdomain to point to
> the new server (server B) that has Postfix installed. There is an
> additional MX record (with a lower priority) for the subdomain pointing
> to the subdomain's server.
>
> The subdomain's server (B) is configured to be the main domain, but as
> we're currently migrating, it's not hosting the main domain yet.
>
> Don't think this would affect the relaying. The only line in vhosts.txt
> is the subdomain used to point to the new server, but we've already
> tried removing that line too, and it's still relaying.
>
> So, what could be causing this issue, and what can we do to fix it?
>
> Robo
>

For one thing, these look wrong:
myhostname = localhost
mydestination = localhost

Should look something like:
mydomain = mydomain.com
myhostname = hostname.mydomain.com
mydestination = hostname.mydomain.com, localhost.mydomain.com, localhost
relay_domains = mydomain.com

But offhand I don't know if this is what is causing the relaying. If it's still a problem, post the output of "postconf -n", without hiding too much of the information, such as "connect from [IP ADDRESS]".

--
Greg

#2

Greg Hackney wrote:
> Robo wrote:
>> Hi,
>>
>> We're currently still configuring our Postfix server, but can't work
>> out the logic of why it's acting like an open relay. We sent an email
>> from and to a foreign server, and Postfix is delivering it, we thought
>> the default Postfix rule would reject mails with a foreign RCPT TO
>> address.
>>
>> Postfix's main.cf is as follows:
>>
>> # See /usr/share/postfix/main.cf.dist for a commented, more complete version
>>
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> biff = no
>>
>> # appending .domain is the MUA's job.
>> append_dot_mydomain = no
>>
>> # Uncomment the next line to generate "delayed mail" warnings
>> #delay_warning_time = 4h
>>
>> myhostname = localhost
>> #alias_maps = hash:/etc/aliases
>> #alias_database = hash:/etc/aliases
>> #myorigin = /etc/mailname
>> myorigin = $myhostname
>> mydestination = localhost
>> relayhost =
>> mynetworks = 127.0.0.0/8
>> #mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> recipient_delimiter = +
>> inet_interfaces = all
>> virtual_mailbox_domains = /etc/postfix/vhosts.txt
>> virtual_mailbox_base = /var/spool/vmail
>> virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
>> virtual_uid_maps = static:110
>> virtual_gid_maps = static:111
>> virtual_alias_maps = hash:/etc/postfix/valias.txt
>>
>> Here's the log that shows it relaying an email from and to another
>> unrelated domain:
>>
>> Apr 2 05:41:47 postfix/smtpd[25999]: connect from [IP ADDRESS]
>> Apr 2 05:41:48 postfix/smtpd[25999]: 274D41957B1D: client=[IP ADDRESS]
>> Apr 2 05:41:48 postfix/pickup[25965]: 834F61957B1E: uid=0 from=<robo@foreign-domain.com>
>> Apr 2 05:41:48 postfix/cleanup[26002]: 834F61957B1E: message-id=<442FC68B.8090601@foreign-domain.com>
>> Apr 2 05:41:48 postfix/qmgr[25966]: 834F61957B1E: from=<robo@foreign-domain.com>, size=640, nrcpt=1 (queue active)
>> Apr 2 05:41:48 postfix/smtpd[25999]: disconnect from [IP ADDRESS]
>> Apr 2 05:41:49 postfix/smtp[26004]: 834F61957B1E: to=<robo@foreign-domain.com>, relay=foreign-domain.com[DOMAIN IP], delay=1, status=sent (250 OK id=1FQ1tv-0003Oj-3H)
>> Apr 2 05:41:49 postfix/qmgr[25966]: 834F61957B1E: removed
>>
>> And the test result from abuse.net:
>>
>> <<< 220 localhost ESMTP Postfix (Debian/GNU)
>> >>> HELO www.abuse.net
>> <<< 250 localhost
>> Relay test 1
>> >>> RSET
>> <<< 250 Ok
>> >>> MAIL FROM:<spamtest@abuse.net>
>> <<< 250 Ok
>> >>> RCPT TO:<securitytest@abuse.net>
>> <<< 250 Ok
>> Relay test result
>> Hmmn, at first glance, host appeared to accept a message for relay.
>>
>> The config seems pretty default, so don't see why Postfix would be
>> relaying emails. One of the odd things is our domains setup, don't know
>> if this would affect things.
>>
>> Main domain is hosted on separate server (server A).
>>
>> DNS for this domain configured with A record for subdomain to point to
>> the new server (server B) that has Postfix installed. There is an
>> additional MX record (with a lower priority) for the subdomain
>> pointing to the subdomain's server.
>>
>> The subdomain's server (B) is configured to be the main domain, but as
>> we're currently migrating, it's not hosting the main domain yet.
>>
>> Don't think this would affect the relaying. The only line in
>> vhosts.txt is the subdomain used to point to the new server, but we've
>> already tried removing that line too, and it's still relaying.
>>
>> So, what could be causing this issue, and what can we do to fix it?
>>
>> Robo
>>
>
> For one thing, these look wrong:
> myhostname = localhost
> mydestination = localhost
>
> Should look something like:
> mydomain = mydomain.com
> myhostname = hostname.mydomain.com
> mydestination = hostname.mydomain.com, localhost.mydomain.com, localhost
> relay_domains = mydomain.com
>
> But offhand I don't know if this is what is causing the relaying. If
> it's still a problem,
> post the output of "postconf -n", without hiding too much of the
> information, such as "connect from [IP ADDRESS]".
> --
> Greg
>

Thanks for the response, the reason why we set things to myhostname and mydestination to localhost was because we wanted to make everything a virtual domain, instead of one real domain and the rest virtual, that way we don't have to configure things twice, as recommended on this page:

http://www.howtoforge.com/linux_postfix_virtual_hosting

mydestination was to localhost because the Postfix docs say do not specify the names of virtual domains to it, and all our domains are virtual domains.

Basically we did have them as real domains, then we tried to be as restrictive as possible in an attempt to stop it from relaying...but it's not working for some reason.

Lines like connect from [IP ADDRESS] is my home IP address, different to the server's network and the domain of the email address. I had to remove the domain name of the mail server, 'cos probably not a good idea to post the address of an open relay.

Here's result of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = localhost
mynetworks = 127.0.0.0/8
myorigin = $myhostname
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
virtual_alias_maps = hash:/etc/postfix/valias.txt
virtual_gid_maps = static:111
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_domains = /etc/postfix/vhosts.txt
virtual_mailbox_maps = hash:/etc/postfix/vmaps.txt
virtual_uid_maps = static:110

Hope you can have some clues to what could be causing it to relay, thanks for your .

Robo

#3

Robo, according to the man page:

By default, the Postfix SMTP server accepts:

Mail from clients whose IP address matches $mynetworks, or:

Mail to remote destinations that match $relay_domains, except for addresses that contain sender-specified routing (user@elsewhere@domain), or:

Mail to local destinations that match $inet_interfaces or $proxy_interfaces, $mydestination, $virtual_alias_domains, or $virtual_mailbox_domains.

In looking at the output of your "postconf -n" command, the only thing it seems to point to would be a match on something in your virtual_mailbox_domains file.

If that's not it, then I'm at a total loss.

--
Greg
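
The three acceptance rules quoted above can be checked mechanically against the posted "postconf -n" values. This is an added example, not code from the thread or from Postfix: a simplified Python model in which `smtpd_accepts`, the stand-in client address 203.0.113.7 and the fallback of `relay_domains` to `$mydestination` (the default in Postfix releases of that period) are assumptions. It shows that an outside client sending to abuse.net matches none of the rules under the posted settings.

```python
import ipaddress

# Values from the "postconf -n" output posted in the thread. relay_domains is
# not set there; assumption: it falls back to $mydestination, the default in
# Postfix releases of that period. The contents of vhosts.txt are not shown,
# so virtual_mailbox_domains is left empty here.
POSTED = {
    "mynetworks": ["127.0.0.0/8"],
    "relay_domains": ["localhost"],
    "mydestination": ["localhost"],
    "virtual_alias_domains": [],
    "virtual_mailbox_domains": [],
}

def smtpd_accepts(client_ip, rcpt, cfg):
    """Return the rule that accepts RCPT TO, or None when the mail is rejected.

    Simplified model of the three rules quoted from the man page; the
    $inet_interfaces/$proxy_interfaces address-literal case is left out.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in cfg["mynetworks"]):
        return "mynetworks"
    local, _, domain = rcpt.rpartition("@")
    domain = domain.lower()
    # Sender-specified routing: user@elsewhere@domain (also the % and ! forms).
    routed = any(ch in local for ch in "@%!")
    # relay_domains matches the listed domain and, by default, its subdomains.
    if not routed and any(domain == d or domain.endswith("." + d)
                          for d in cfg["relay_domains"]):
        return "relay_domains"
    for rule in ("mydestination", "virtual_alias_domains",
                 "virtual_mailbox_domains"):
        if domain in cfg[rule]:
            return rule
    return None

if __name__ == "__main__":
    # 203.0.113.7 is a constructed stand-in for the outside test client.
    print(smtpd_accepts("203.0.113.7", "securitytest@abuse.net", POSTED))
    print(smtpd_accepts("127.0.0.1", "securitytest@abuse.net", POSTED))
```

The same recipient is accepted only when the client address is inside `mynetworks`, which is the case to look for when an SMTP listener relays despite a restrictive main.cf.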

#4

Greg Hackney wrote:
> Robo, according to the man page:
>
> By default, the Postfix SMTP server accepts:
>
> Mail from clients whose IP address matches $mynetworks, or:
>
> Mail to remote destinations that match $relay_domains, except
> for addresses that contain sender-specified routing (user@elsewhere@domain), or:
>
> Mail to local destinations that match $inet_interfaces or
> $proxy_interfaces, $mydestination, $virtual_alias_domains, or
> $virtual_mailbox_domains.
>
> In looking at the output of your "postconf -n" command, the only thing it
> seems to point to would be a match on something in your
> virtual_mailbox_domains file.
>
> If that's not it, then I'm at a total loss.
>
> --
> Greg

Found the problem by the way. It was xinetd. Once I edited xinetd's sendmail config file to disable all the stuff inside, Postfix worked fine, passed all the abuse.net relay tests.

xinetd was on by default in the Debian setup. I'm sure I'm not the only one who used xinetd with Postfix, so no idea why Google didn't come up with anything.

I'd like to know why xinetd would cause Postfix to act as open relay, could it be 'cos it forwards the requests to Postfix, so Postfix thinks it's coming from localhost? Would have thought tons of other people would have encountered this before me...

Robo
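
In the log quoted in the first post, the SMTP session comes from an outside address, but the message itself is queued by postfix/pickup with uid=0 (pickup is the daemon that queues locally submitted mail) and is then delivered to a foreign domain. The following is an added example, not code from the thread: a Python check that flags that pattern in a mail log. The function name, the `local_domains` parameter and the sample lines (constructed after the thread's log, with placeholder host name, addresses and domains) are assumptions.

```python
import re

EVENT = re.compile(r"postfix/(\w+)\[(\d+)\]: (.*)")
QUEUED = re.compile(r"([0-9A-F]{8,}): (.*)")

def relayed_local_submissions(lines, local_domains):
    """Queue IDs that pickup queued as uid=0 while an outside SMTP client was
    connected and that were then sent to a domain not in local_domains."""
    open_sessions = set()          # smtpd PIDs serving a non-loopback client
    suspects, flagged = set(), []
    for line in lines:
        ev = EVENT.search(line)
        if not ev:
            continue
        daemon, pid, text = ev.groups()
        if daemon == "smtpd" and text.startswith("connect from "):
            if "[127." not in text and "[::1]" not in text:
                open_sessions.add(pid)
        elif daemon == "smtpd" and text.startswith("disconnect from "):
            open_sessions.discard(pid)
        queued = QUEUED.match(text)
        if not queued:
            continue
        qid, detail = queued.groups()
        if daemon == "pickup" and re.search(r"\buid=0\b", detail) and open_sessions:
            suspects.add(qid)
        elif daemon == "smtp" and qid in suspects and "status=sent" in detail:
            rcpt = re.search(r"to=<[^>]*@([^>]+)>", detail)
            if rcpt and rcpt.group(1).lower() not in local_domains:
                flagged.append(qid)
    return flagged

# Constructed sample modelled on the log in the thread; host name, addresses
# and domains are placeholders. The last two lines are an ordinary root mail
# sent with no SMTP client connected, which must not be flagged.
SAMPLE = """\
Apr  2 05:41:47 mx postfix/smtpd[25999]: connect from unknown[203.0.113.7]
Apr  2 05:41:48 mx postfix/smtpd[25999]: 274D41957B1D: client=unknown[203.0.113.7]
Apr  2 05:41:48 mx postfix/pickup[25965]: 834F61957B1E: uid=0 from=<a@other.example>
Apr  2 05:41:48 mx postfix/smtpd[25999]: disconnect from unknown[203.0.113.7]
Apr  2 05:41:49 mx postfix/smtp[26004]: 834F61957B1E: to=<b@other.example>, relay=other.example[198.51.100.9], delay=1, status=sent (250 OK)
Apr  2 06:00:01 mx postfix/pickup[25965]: 9A0C11957B20: uid=0 from=<root>
Apr  2 06:00:02 mx postfix/smtp[26010]: 9A0C11957B20: to=<admin@other.example>, relay=other.example[198.51.100.9], delay=1, status=sent (250 OK)
""".splitlines()

if __name__ == "__main__":
    print(relayed_local_submissions(SAMPLE, {"mail.example"}))
```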

#5

> Found the problem by the way. It was xinetd. Once I edited xinetd's
> sendmail config file to disable all the stuff inside, Postfix worked
> fine, passed all the abuse.net relay tests.
>
> xinetd was on by default in the Debian setup. I'm sure I'm not the only
> one who used xinetd with Postfix, so no idea why Google didn't come up
> with anything.
>
> I'd like to know why xinetd would cause Postfix to act as open relay,
> could it be 'cos it forwards the requests to Postfix, so Postfix thinks
> it's coming from localhost? Would have thought tons of other people
> would have encountered this before me...
>
> Robo

As far as I know Postfix isn't supposed to be started from xinetd, but from /etc/init.d/postfix

--
Greg