I have 2 PCs on a LAN:
A - (192.168.0.1) Windows, ADSL to the Internet, WinGate NAT.
B - (192.168.0.4) Mandrake 9.2, Postfix.
My question in a nutshell: is there a way to configure Postfix so that
I can send mail from a client on the Windows machine to the Internet,
and at the same time not be an open relay?
Although I followed all the good advice I found in the documentation,
in various FAQs and in various posts, Postfix remains an open relay.
I think the problem lies in the LAN topology - from Postfix's standpoint,
all connections to port 25 arrive from 192.168.0.1, which is part of
$mynetworks, and there is no way to tell which connection originated
in the LAN and which originated from the Internet.
Allowing only $myhostname to send mail is too restrictive, because I
want to be able to send mail from a mail client running on the Windows
machine. Receiving mail can be restricted to the local machine only,
but I don't see how this can help me.
If I allow sending mail from machine A to the world, then anybody
on the Internet can send mail to anybody anywhere.
- Can I do what I want with just configuring Postfix?
- Is Qmail any better in solving this problem?
- Can I do it without changing the network topology (like moving the
ADSL connection from the Windows machine to the Linux one)?
Here is what an open relay test shows:
$ telnet relay-test.mail-abuse.org
Connected to relay-test.mail-abuse.org (126.96.36.199).
Escape character is '^]'.
Connecting to xxx.xxx.xxx.xxx ...
<<< 220 xxxx.xxxxxx.xxxxxx.xxx ESMTP Postfix (2.0.13) (Mandrake Linux)
>>> HELO cygnus.mail-abuse.org
<<< 250 xxxx.xxxxxx.xxxxxx.xxx
:Relay test: #Quote test
>>> mail from: <spamtest@DSLxxx-xxx-xxx-xxx.xx.xxxx.xxx>
<<< 250 Ok
>>> rcpt to: <"firstname.lastname@example.org">
<<< 250 Ok
<<< 250 Ok
:Relay test: #Test 1
>>> mail from: <email@example.com>
<<< 250 Ok
>>> rcpt to: <firstname.lastname@example.org>
<<< 250 Ok
<<< 221 Bye
Tested host banner: 220 xxxx.xxxxxx.xxxxxx.xxx ESMTP Postfix (2.0.13) (Mandrake Linux)
System appeared to accept 1 relay attempts
Connection closed by foreign host.
These are the log lines generated by the above test:
postfix/smtpd: connect from unknown[192.168.0.1]
postfix/smtpd: AC28A10C73: client=unknown[192.168.0.1]
postfix/smtpd: 8FFFA10C73: client=unknown[192.168.0.1]
postfix/smtpd: disconnect from unknown[192.168.0.1]
This is the Postfix configuration I had during that test:
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
WinGate is a pretty sorry firewall/proxy from my experience, but anyway...
Seems like your main.cf doesn't have the original comments...
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#mynetworks_style = class
mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#mynetworks = 188.8.131.52/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
By the way, I would really not recommend testing your MTA with a tester from an RBL. That's a good way to end up on a blacklist that will be difficult to get off of. Test it by hand. All you need is a shell on an outside host.
how to test open relay by hand
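Added example, not part of the thread and not Postfix code: a simplified Python model of the three mynetworks_style settings quoted above, run over the smtpd log lines from the question. It shows why the relay tester's messages were accepted: behind WinGate every client appears as 192.168.0.1, which falls inside the trusted network for subnet and class. The /24 netmask on host B and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Host B's address from the thread; the /24 netmask is an assumption.
LOCAL_IF = ipaddress.ip_interface("192.168.0.4/24")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# The smtpd log lines quoted in the question.
LOG = """\
postfix/smtpd: connect from unknown[192.168.0.1]
postfix/smtpd: AC28A10C73: client=unknown[192.168.0.1]
postfix/smtpd: 8FFFA10C73: client=unknown[192.168.0.1]
postfix/smtpd: disconnect from unknown[192.168.0.1]
"""

def classful_network(ip):
    """Class A/B/C network of an IPv4 address (class D/E not modelled)."""
    first_octet = int(ip) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def trusted_networks(style, iface=LOCAL_IF):
    """Simplified model of what each mynetworks_style value trusts."""
    if style == "host":
        own = ipaddress.ip_network(f"{iface.ip}/32")
    elif style == "subnet":
        own = iface.network
    elif style == "class":
        own = classful_network(iface.ip)
    else:
        raise ValueError(f"unknown mynetworks_style: {style}")
    return [LOOPBACK, own]

def accepted_clients(log):
    """Map queue ID -> client address for each message smtpd queued."""
    pat = re.compile(r"smtpd: ([0-9A-F]+): client=[^\[]*\[([0-9.]+)\]")
    return {m.group(1): ipaddress.ip_address(m.group(2))
            for m in pat.finditer(log)}

def relay_exposure(style, log=LOG):
    """Queue IDs whose client address is trusted under the given style."""
    nets = trusted_networks(style)
    return sorted(qid for qid, ip in accepted_clients(log).items()
                  if any(ip in net for net in nets))

if __name__ == "__main__":
    for style in ("host", "subnet", "class"):
        print(style, relay_exposure(style))
```

With host, neither queued message comes from a trusted address, but that setting also cuts off the mail client on the Windows machine, which is the restriction the question describes.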