Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I'm looking to deploy a Postfix server in place of a sendmail server after reading up on how Postfix works. I've got the system so it can deliver mail locally, but now I'm looking to add security (gradually) to the Postfix install. I'm trying to test out the server accepting FQDNs only. I telnet to the system & issue a: HELO sparky . If I continue composing the email in telnet, it happily accepts everything. What am I doing wrong? This is my Postfix configuration to date:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
If I activate just the helo restrictions, it lets the email complete. If I enable the recipient restrictions, the moment I telnet to port 25, the cursor just hangs.
Nothing. You have permit_mynetworks first in your helo_restrictions, so anyone
telnetting from the LAN would pass the helo tests without question.
D'oh!! Makes sense. I guess it's like the book says: position. position. position. So you have to be certain that you order the restrictions the way you want them applied.
Though, why is it if I include the smptd_recipient_restrictions area, the telnet session sits frozen? I don't even get the greeting from the mail server.
Also, the book I'm reading on postfix says that to do the FQDN protection it goes in the recipient restrictions. Why would that be? Their restrictions are printed:
smtp_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_non_fqdn_hostname, permit
Though, why is it if I include the smptd_recipient_restrictions area, the telnet session sits frozen?
Check your mail logs. But the reason is probably that your recipient_restrictions are too permissive. See the postconf(5) man page for rules that are mandatory for smtpd_recipient_restrictions.
Also. with smtpd_delay_reject = yes, as you have it, the client would not be rejected until the RCPT TO phase, even if the client violated one of the helo_restrictions. In this case, you can list your access rules under a single recipient_restrictions stanza (instead of having separate client_restrictions, helo_restrictions, etc.)