Postfix still accepting non FQDN
I'm looking to deploy a Postfix server in place of a sendmail server after reading up on how Postfix works. I've got the system so it can deliver mail locally, but now I'm looking to add security (gradually) to the Postfix install. I'm trying to test out the server accepting FQDNs only. I telnet to the system & issue a: HELO sparky . If I continue composing the email in telnet, it happily accepts everything. What am I doing wrong? This is my Postfix configuration to date:
================================================== ====== queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix default_privs = nobody myhostname = postfix.quirkygames.com mydomain = quirkygames.com myorigin = $mydomain mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = class inet_interfaces = all relay_domains = $mydestination alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases unknown_local_recipient_reject_code = 550 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man #========================================================= smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, permit smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, permit ================================================== If I activate just the helo restrictions, it lets the email complete. If I enable the recipient restrictions, the moment I telnet to port 25, the cursor just hangs. Any help would be appreciated. |
Quote:
telnetting from the LAN would pass the helo tests without question. |
Quote:
Though, why is it if I include the smptd_recipient_restrictions area, the telnet session sits frozen? I don't even get the greeting from the mail server. Also, the book I'm reading on postfix says that to do the FQDN protection it goes in the recipient restrictions. Why would that be? Their restrictions are printed: smtp_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_non_fqdn_hostname, permit |
Quote:
Also. with smtpd_delay_reject = yes, as you have it, the client would not be rejected until the RCPT TO phase, even if the client violated one of the helo_restrictions. In this case, you can list your access rules under a single recipient_restrictions stanza (instead of having separate client_restrictions, helo_restrictions, etc.) |
All times are GMT -5. The time now is 03:14 AM. |