LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 11-21-2007, 12:24 PM   #1
PcPixel
LQ Newbie
 
Registered: Nov 2007
Posts: 2

Rep: Reputation: 0
Postfix still accepting non FQDN


I'm looking to deploy a Postfix server in place of a sendmail server after reading up on how Postfix works. I've got the system so it can deliver mail locally, but now I'm looking to add security (gradually) to the Postfix install. I'm trying to test out the server accepting FQDNs only. I telnet to the system & issue a: HELO sparky . If I continue composing the email in telnet, it happily accepts everything. What am I doing wrong? This is my Postfix configuration to date:
================================================== ======
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody

myhostname = postfix.quirkygames.com
mydomain = quirkygames.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = class
inet_interfaces = all

relay_domains = $mydestination

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

unknown_local_recipient_reject_code = 550

debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
#=========================================================
smtpd_delay_reject = yes
smtpd_helo_required = yes

smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
permit

smtpd_recipient_restrictions =
permit_mynetworks,
reject_invalid_hostname,
reject_non_fqdn_hostname,
permit

==================================================
If I activate just the helo restrictions, it lets the email complete. If I enable the recipient restrictions, the moment I telnet to port 25, the cursor just hangs.

Any help would be appreciated.

Last edited by PcPixel; 11-21-2007 at 12:48 PM.
 
Old 11-21-2007, 01:03 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,623

Rep: Reputation: 164Reputation: 164
Quote:
What am I doing wrong?
Nothing. You have permit_mynetworks first in your helo_restrictions, so anyone
telnetting from the LAN would pass the helo tests without question.
 
Old 11-21-2007, 02:02 PM   #3
PcPixel
LQ Newbie
 
Registered: Nov 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Berhanie View Post
Nothing. You have permit_mynetworks first in your helo_restrictions, so anyone
telnetting from the LAN would pass the helo tests without question.
D'oh!! Makes sense. I guess it's like the book says: position. position. position. So you have to be certain that you order the restrictions the way you want them applied.

Though, why is it if I include the smptd_recipient_restrictions area, the telnet session sits frozen? I don't even get the greeting from the mail server.

Also, the book I'm reading on postfix says that to do the FQDN protection it goes in the recipient restrictions. Why would that be? Their restrictions are printed:
smtp_recipient_restrictions = permit_mynetworks,reject_unauth_destination,reject_non_fqdn_hostname, permit

Last edited by PcPixel; 11-21-2007 at 02:04 PM.
 
Old 11-21-2007, 08:22 PM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,623

Rep: Reputation: 164Reputation: 164
Quote:
Though, why is it if I include the smptd_recipient_restrictions area, the telnet session sits frozen?
Check your mail logs. But the reason is probably that your recipient_restrictions are too permissive. See the postconf(5) man page for rules that are mandatory for smtpd_recipient_restrictions.

Also. with smtpd_delay_reject = yes, as you have it, the client would not be rejected until the RCPT TO phase, even if the client violated one of the helo_restrictions. In this case, you can list your access rules under a single recipient_restrictions stanza (instead of having separate client_restrictions, helo_restrictions, etc.)

Last edited by Berhanie; 11-21-2007 at 08:23 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix not accepting external emails samnjugu Linux - Server 14 03-18-2007 06:04 AM
POSTFIX and not fqdn gabsik Linux - Networking 3 05-10-2006 07:23 AM
Postfix smtp not accepting connections Spleenie Linux - Software 0 01-23-2005 05:04 AM
FQDN - not darb Linux - General 1 10-04-2004 03:57 PM
Postfix mail server not accepting incoming mail from the external interface rexmundi Linux - Networking 7 12-22-2003 03:41 PM


All times are GMT -5. The time now is 05:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration